CVE-2025-32686 – WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability

https://notcve.org/view.php?id=CVE-2025-32686

15 Apr 2025 — Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No ... • https://patchstack.com/database/wordpress/plugin/wps-team/vulnerability/wordpress-team-members-3-4-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •