CVE-2025-49073 – WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability

https://notcve.org/view.php?id=CVE-2025-49073

03 Jun 2025 — Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection.This issue affects Sweet Dessert: from n/a before 1.1.13. The Sweet Dessert theme for WordPress is vulnerable to PHP Object Injection in versions up to 1.1.13 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the ... • https://patchstack.com/database/wordpress/theme/sweet-dessert/vulnerability/wordpress-sweet-dessert-1-1-13-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •