AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-68531: Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-ad

infovulnerability

security

Source: NVD/CVE DatabaseFebruary 20, 2026CVE-2025-68531

Summary

CVE-2025-68531 is a deserialization vulnerability (a flaw where an application unsafely processes untrusted data into objects, allowing attackers to inject malicious code) in the ModelTheme Addons plugin for WordPress page builders WPBakery and Elementor. The vulnerability affects versions before 1.5.6 and allows object injection attacks.

Solution / Mitigation

Upgrade ModelTheme Addons for WPBakery and Elementor to version 1.5.6 or later.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-68531

First tracked: February 20, 2026 at 03:06 PM

Classified by LLM (prompt v3) · confidence: 95%