CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48287 – WordPress Pix 4x sem juros - Pagaleve <= 1.6.9 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-48287
21 May 2025 — Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through 1.6.9. The Pix 4x sem juros - Pagaleve plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.6.9 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is pres... • https://patchstack.com/database/wordpress/plugin/wc-pagaleve/vulnerability/wordpress-pix-4x-sem-juros-pagaleve-1-6-9-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •