The vulnerability CVE-2025-52761 affects the manfcarlo WP Funnel Manager plugin for WordPress, specifically versions up to and including 1.4.0. It involves deserialization of untrusted data, which allows an attacker to perform object injection. This can lead to remote code execution or other severe impacts due to the manipulation of serialized objects. The vulnerability is remotely exploitable without authentication or user interaction, resulting in a critical severity rating with a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability can lead to full compromise of the affected system, including unauthorized disclosure of information, modification of data, and disruption of service. Given the critical CVSS score and the nature of object injection via deserialization, attackers could execute arbitrary code remotely without any privileges or user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the WP Funnel Manager plugin if possible. Monitor for updates from the vendor or trusted security sources for patches or temporary mitigations.