Capella: Malicious data can inject objects into your system

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Capella: Malicious data can inject objects into your system

CVE-2025-69370

Summary

A security weakness in Capella versions up to 2.5.5 makes it possible for attackers to inject malicious code into your system. This could potentially lead to unauthorized access or data corruption. We recommend updating to the latest version of Capella to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5.

Original description

Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/capella/vulnerability/wordpress-...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026