Pets Club ThemeREX Pets Club allows malicious data injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Pets Club ThemeREX Pets Club allows malicious data injection

CVE-2026-22453

Summary

The Pets Club theme for WordPress allows attackers to inject malicious data, which could lead to unauthorized actions. This affects all versions of Pets Club up to and including 2.3. To protect your site, update to the latest version of Pets Club or remove the theme if you're using an older version.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/petclub/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026