This vulnerability in BoldThemes Travelicious (versions before 1.6.7) involves deserialization of untrusted data, enabling object injection attacks. Such vulnerabilities typically allow attackers to manipulate serialized objects to execute arbitrary code or cause other harmful effects. The CVSS 3.1 score of 9.8 reflects that the vulnerability is remotely exploitable without authentication or user interaction and results in complete compromise of confidentiality, integrity, and availability. No patch or vendor advisory details are currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code or perform other malicious actions, leading to full compromise of the affected system's confidentiality, integrity, and availability. This represents a critical security risk for affected installations of BoldThemes Travelicious prior to version 1.6.7.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting network access to the affected application and monitoring for suspicious activity related to object deserialization. Avoid processing untrusted serialized data where possible.