KindlyCare: Untrusted Data Injected via Deserialization

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

KindlyCare: Untrusted Data Injected via Deserialization

CVE-2025-69371

Summary

An attacker can inject malicious code into KindlyCare, potentially leading to unauthorized access or data manipulation. This vulnerability affects KindlyCare versions up to 1.6.1. Update to a fixed version to prevent this risk.

Original title

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

Original description

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpre...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026