CVE-2025-0855: CWE-502 Deserialization of Untrusted Data in Potenza Global Solutions PGS Core
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
AI Analysis
Technical Summary
CVE-2025-0855 is a critical vulnerability in the PGS Core plugin for WordPress, developed by Potenza Global Solutions. It arises from improper handling of untrusted data during PHP object deserialization within the 'import_header' function, and it affects all versions of the plugin up to and including 5.8.0. The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and allows an unauthenticated attacker to inject malicious PHP objects. While the plugin itself does not contain a known Property Oriented Programming (POP) gadget chain with which to exploit this injection directly, additional plugins or themes on the target WordPress installation that include such POP chains could enable an attacker to leverage the vulnerability for destructive actions, including arbitrary file deletion, unauthorized data retrieval, or remote code execution. The vulnerability is remotely exploitable without any authentication or user interaction, making it highly dangerous. The CVSS v3.1 base score is 9.8, reflecting its critical severity with high impact on confidentiality, integrity, and availability. No patches were listed at the time of publication, and no known exploits in the wild have been reported yet. The vulnerability was reserved in January 2025 and published in May 2025, indicating recent discovery and disclosure. Given the widespread use of WordPress and the popularity of the PGS Core plugin in certain sectors, this vulnerability represents a significant risk to affected websites, especially those that rely on additional plugins or themes that could facilitate exploitation through POP chains.
Potential Impact
For European organizations, the impact of CVE-2025-0855 can be severe. Many European businesses and institutions use WordPress as their content management system, often relying on plugins like PGS Core for enhanced functionality. Exploitation could lead to unauthorized access to sensitive data, including personal data protected under GDPR, potentially resulting in data breaches with legal and financial consequences. The ability to execute arbitrary code or delete files could disrupt business operations, cause website defacements, or lead to complete service outages. This is particularly critical for sectors such as finance, healthcare, government, and e-commerce, where website availability and data integrity are paramount. Because the flaw can be exploited without authentication, the risk of automated mass scanning and exploitation attempts is higher, potentially affecting a large number of European sites. Furthermore, because the plugin itself contains no direct POP chain, exploitation depends on what else is installed, so the risk is amplified in environments with complex plugin ecosystems, which are common in European organizations that customize their WordPress installations. The reputational damage and compliance risks associated with such breaches could be substantial.
Mitigation Recommendations
European organizations should take immediate and specific actions to mitigate this vulnerability:
- Identify all WordPress installations using the PGS Core plugin and verify the version in use.
- Until an official patch is released, consider disabling the 'import_header' functionality if possible, or removing the PGS Core plugin entirely from non-critical systems.
- Conduct a thorough audit of all installed plugins and themes to identify any that may contain POP chains that could be exploited in conjunction with this vulnerability.
- Employ web application firewalls (WAFs) with custom rules to detect and block suspicious deserialization payloads targeting the 'import_header' function.
- Monitor web server and application logs for unusual POST requests or serialized data inputs.
- Implement strict input validation and sanitization at the application level if custom development is involved.
- Maintain regular backups of WordPress sites and databases to enable rapid recovery in case of compromise.
- Engage with the vendor, Potenza Global Solutions, to obtain updates on patch availability, and apply patches promptly once released.
- Consider deploying intrusion detection systems (IDS) tuned to detect exploitation attempts of PHP object injection vulnerabilities.
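One way to implement the log-monitoring and WAF-rule recommendation above, as an added example that is not code from this advisory, the vendor or Wordfence: it flags serialized PHP object tokens in a URL-encoded form body, including base64-wrapped and double-encoded values. It assumes the request body is available (for instance from a WAF audit log); the parameter names and sample bodies are constructed, since the advisory does not say which parameter reaches 'import_header'.

```python
import base64
import re
from urllib.parse import parse_qsl, quote, unquote_plus

# Object tokens written by PHP serialize(): O:<len>:"<Class>":<count>:{ and
# C:<len>:"<Class>":<len>:{ . Serialized scalars and arrays are not flagged.
PHP_OBJECT = re.compile(r'(?<![A-Za-z0-9_])[OC]:\+?\d+:"([^"]{1,128})":\d+:\{')


def decoded_views(value, rounds=3):
    """Yield value plus its URL-decoded and base64-decoded forms, layer by layer."""
    seen, layer = set(), [value]
    for _ in range(rounds):
        following = []
        for view in layer:
            if view in seen:
                continue
            seen.add(view)
            yield view
            following.append(unquote_plus(view))
            try:
                raw = base64.b64decode(view, validate=True)
                following.append(raw.decode("utf-8", "replace"))
            except ValueError:  # not base64 (binascii.Error is a ValueError)
                pass
        layer = following


def find_php_objects(form_body):
    """Return sorted (parameter, class name) pairs for serialized objects found."""
    hits = set()
    for name, value in parse_qsl(form_body, keep_blank_values=True):
        for view in decoded_views(value):
            hits.update((name, cls) for cls in PHP_OBJECT.findall(view))
    return sorted(hits)


# Constructed sample bodies (not captured traffic); parameter names are made up.
_OBJ = 'O:8:"stdClass":0:{}'
SAMPLES = {
    "plain": "action=demo&data=" + quote(_OBJ),
    "base64": "action=demo&data=" + quote(base64.b64encode(_OBJ.encode()).decode()),
    "double_encoded": "action=demo&data=" + quote(quote(_OBJ)),
    "array_only": "action=demo&data=" + quote('a:1:{i:0;s:2:"ok";}'),
    "ordinary": "action=demo&title=" + quote('Q3 report: "final"'),
}

if __name__ == "__main__":
    print({label: find_php_objects(body) for label, body in SAMPLES.items()})
```

A hit reports the class name the payload asks PHP to instantiate, which can be compared against the classes found in the plugin and theme audit.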
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-01-29T18:30:17.914Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981bc4522896dcbd9bb1
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 7/5/2025, 3:12:20 PM
Last updated: 7/31/2025, 12:22:46 AM