CVE-2025-31052 CRITICAL

CVE-2025-31052: WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability

Vendor Themeton

Product The Fashion - Model Agency One Page Beauty Theme

Weakness CWE-502 · Unsafe deserialization

Published June 9, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4.

Key dates

02Disclosure timeline

June 9, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31052

Related vulnerabilities

04Related CVE

CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2022-3342 Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution

Identifiers

CVE CVE-2025-31052

CWE CWE-502

CVSS 9.8 / CRITICAL

Affected versions

Vendor Themeton

Product The Fashion - Model Agency One Page Beauty Theme

Affected ≤ 1.4.4