Extreme Store: Untrusted Data Can Be Injected into Application

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Extreme Store: Untrusted Data Can Be Injected into Application

CVE-2025-69404

Summary

The Extreme Store software has a vulnerability that allows an attacker to inject malicious code into the system. This means that an attacker could potentially take control of the application or access sensitive information. Users should update to the latest version (1.5.8 or later) to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.7.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.7.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/extremestore/vulnerability/wordp...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026