CVE-2025-49072 – WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability

https://notcve.org/view.php?id=CVE-2025-49072

02 Jun 2025 — Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. The Mr. Murphy - Custom Dress Tailoring Clothing WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to 1.2.12.1 (exclusive) via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/mr-murphy/vulnerability/wordpress-mr-murphy-1-2-12-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •