{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69372", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:05.451Z", "datePublished": "2026-02-20T15:46:51.523Z", "dateUpdated": "2026-04-28T20:56:16.296Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "sevenhills", "product": "SevenHills", "vendor": "AncoraThemes", "versions": [{"lessThanOrEqual": "1.6.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:45.971Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.<p>This issue affects SevenHills: from n/a through <= 1.6.2.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.343Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/sevenhills/vulnerability/wordpress-sevenhills-theme-1-6-2-php-object-injection-vulnerability?_s_id=cve"}], "title": "WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T21:02:38.623649Z", "id": "CVE-2025-69372", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T20:56:16.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T21:02:38.623649Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:02:39.981Z"}}], "cna": {"title": "WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "affected": [{"vendor": "AncoraThemes", "product": "SevenHills", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.6.2"}], "packageName": "sevenhills", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:03:45.971Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/sevenhills/vulnerability/wordpress-sevenhills-theme-1-6-2-php-object-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2.", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.<p>This issue affects SevenHills: from n/a through <= 1.6.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:24.591Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69372", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:24.591Z", "dateReserved": "2025-12-31T20:13:05.451Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:51.523Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2."}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en AncoraThemes SevenHills sevenhills permite la inyecci\u00f3n de objetos. Este problema afecta a SevenHills: desde n/a hasta &lt;= 1.6.2."}], "id": "CVE-2025-69372", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:21.440", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/sevenhills/vulnerability/wordpress-sevenhills-theme-1-6-2-php-object-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SevenHills", "source": "cna", "vendor": "AncoraThemes"}, "product": "sevenhills", "vendor": "ancorathemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-27T20:26:29.309676+00:00", "value": {"mitigation_remediation": ["Apply the latest SevenHills theme release that removes the deserialization flaw (any version newer than 1.6.2).", "If an update is not yet available, temporarily deactivate or uninstall the SevenHills theme to prevent exploitation until a fix is applied.", "Configure a web application firewall or equivalent rule set to block deserialized data from untrusted sources and restrict file uploads that could carry malicious payloads.", "Monitor web server logs for evidence of object injection attempts and review for unauthorized access after remediation."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution through PHP object injection"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the AncoraThemes SevenHills WordPress theme for all releases up to and including version 1.6.2. No higher versions are listed as affected.", "description_and_impact": "AncoraThemes SevenHills theme suffers from a deserialization of untrusted data flaw that permits PHP object injection. Attackers can craft malicious serialized payloads that, when processed by the theme, result in arbitrary code execution. The weakness is classified as CWE-502, indicating that the application fails to protect against potentially dangerous sent data.", "risk_and_exploitability": "The CVSS score of 9.8 signals a critical severity, and the EPSS score of less than 1% suggests that exploitation is unlikely but still possible. It is not listed in the CISA KEV catalog. The likely attack vector is any pathway that delivers untrusted serialized data into the theme\u2019s processing logic, such as user\u2011submitted content or REST endpoints. Successful exploitation would allow an attacker to run arbitrary code on the webserver, compromising confidentiality, integrity and availability."}}}}, "created": "2026-02-23T14:37:20.927722+00:00", "updated": "2026-04-27T20:30:12.275799+00:00", "vendors": ["ancorathemes", "ancorathemes$PRODUCT$sevenhills", "wordpress", "wordpress$PRODUCT$wordpress"]}