This vulnerability (CWE-502) in the Constant Contact for WordPress plugin allows an attacker to exploit deserialization of untrusted data, resulting in object injection. The vulnerability affects all versions through 4.1.1. The CVSS 3.1 base score of 8.8 reflects high impact on confidentiality, integrity, and availability, with an attack vector over the network and no privileges required but user interaction necessary. No patch or remediation details are currently provided by the vendor or other authoritative sources.

Successful exploitation could allow an attacker to inject malicious objects during deserialization, potentially leading to full compromise of the affected WordPress environment, including unauthorized access, data manipulation, or denial of service. The high CVSS score indicates critical impacts on confidentiality, integrity, and availability. However, no known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the affected plugin if feasible. Monitor vendor communications for updates on patches or mitigations. Avoid interacting with untrusted data inputs related to this plugin to reduce risk.