8.8
Kleor Contact Manager allows malicious data to execute code
CVE-2025-68853
Summary
A flaw in how the Kleor Contact Manager software deserializes untrusted data allows an attacker to inject malicious objects, potentially leading to unauthorized actions or data breaches. This issue affects versions 9.1.1 and earlier of the software. To stay protected, update to the latest version (9.1.2 or later) or consider replacing the software if an update is not available.
Original title
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection. This issue affects Contact Manager: from n/a through <= 9.1.1.
Original description
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection. This issue affects Contact Manager: from n/a through <= 9.1.1.
nvd CVSS3.1
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026