9.8
BoldThemes Nestin: Untrusted Data Can Be Injected into Nestin
CVE-2025-67996
Summary
Nestin, a plugin for BoldThemes, contains a deserialization flaw (CWE-502) that lets attackers inject objects into the application. This can happen when user input is deserialized without being validated. To fix this issue, update Nestin to version 1.2.6 or later.
Original title
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection. This issue affects Nestin: from n/a through < 1.2.6.
Original description
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection. This issue affects Nestin: from n/a through < 1.2.6.
NVD CVSS 3.1
9.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026