top of page
perceptive_background_267k.jpg

Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.

Published:

4 March 2026 at 23:00:00

Alert date:

5 March 2026 at 20:09:02

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A deserialization of untrusted data vulnerability has been identified in the ThemeREX Classter WordPress theme that allows PHP object injection attacks. This security flaw affects all versions of the Classter theme from unknown starting version through version 2.5 and earlier. The vulnerability enables attackers to inject malicious PHP objects through untrusted data deserialization processes. Object injection vulnerabilities can lead to remote code execution, privilege escalation, and complete system compromise. WordPress themes are widely deployed making this a significant security concern for affected installations.

Technical details

Mitigation steps:

Affected products:

ThemeREX Classter WordPress Theme

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-54001
https://patchstack.com/database/Wordpress/Theme/classter/vulnerability/wordpress-classter-theme-2-5-php-object-injection-vulnerability?_s_id=cve

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page