The vulnerability identified as CVE-2025-32292 affects the AncoraThemes Jarvis – Night Club, Concert, Festival WordPress plugin versions up to 1.8.11. It is a deserialization of untrusted data vulnerability that permits object injection attacks. This type of vulnerability can allow an attacker to execute arbitrary code or manipulate application logic by injecting malicious serialized objects. The CVSS v3.1 base score is 9.8, reflecting critical impact with network attack vector, no privileges or user interaction required, and full compromise of confidentiality, integrity, and availability. There is no patch or official fix information provided at this time, and the plugin is not a cloud service, so remediation depends on vendor updates and user action.

Successful exploitation of this vulnerability can lead to full compromise of the affected WordPress site, including unauthorized code execution, data manipulation, and denial of service. The critical CVSS score reflects high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider disabling or removing the affected plugin if possible. Monitor official AncoraThemes communications for updates and apply any released fixes promptly.