{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:48:06.778","vulnerabilities":[{"cve":{"id":"CVE-2025-39485","sourceIdentifier":"audit@patchstack.com","published":"2025-05-23T13:15:30.610","lastModified":"2026-04-01T17:23:11.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6."},{"lang":"es","value":"La vulnerabilidad de deserialización de datos no confiables en ThemeGoods Grand Tour | Travel Agency WordPress permite la inyección de objetos. Este problema afecta a Grand Tour | Agencia de Viajes WordPress desde n/d hasta la versión 5.5.1."}],"metrics":{},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:themegoods:grand_tour:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"5.6","matchCriteriaId":"45A26C52-8CAE-47CB-BB48-D6EF9A6782AD"}]}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Theme/grandtour/vulnerability/wordpress-grandtour-theme-5-5-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]}]}}]}