PhotoMe ThemeGoods PhotoMe Untrusted Data Deserialization Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

PhotoMe ThemeGoods PhotoMe Untrusted Data Deserialization Risk

CVE-2025-69301

Summary

PhotoMe users are at risk of data tampering if an attacker sends specially crafted data. This affects PhotoMe versions up to 5.6.11. Update to version 5.6.12 or later to fix the issue.

Original title

Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11.

Original description

Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/photome/vulnerability/wordpress-...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026