CVE-2025-60216: 
WordPress vulnerability analysis and mitigation

A Deserialization of Untrusted Data vulnerability (CVE-2025-60216) was discovered in BoldThemes Addison theme affecting versions through 1.4.2. The vulnerability was disclosed on October 22, 2025, and received a CVSS v3 base score of 9.8 (Critical) (AttackerKB).

The vulnerability allows Object Injection through untrusted data deserialization in the Addison WordPress theme. The issue has been assigned a Critical severity rating with a CVSS v3 base score of 9.8, indicating high impact potential. The attack vector is network-accessible, requires no privileges, and needs no user interaction for exploitation (AttackerKB).

The vulnerability has a high severity impact, potentially allowing attackers to execute arbitrary code through object injection. With a CVSS score of 9.8, the vulnerability affects confidentiality, integrity, and availability at their highest levels (AttackerKB).

Users are advised to update the Addison theme to a version newer than 1.4.2 when available. Given the critical nature of the vulnerability, it is recommended to implement additional security measures or consider temporarily disabling the theme until a patch is available (Patchstack).