Nixpkgs security tracker

Untriaged

Permalink CVE-2026-25359

created 3 weeks, 3 days ago

WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.

References

https://patchstack.com/database/Wordpress/Theme/pendulum/vulnerability/wordpres… vdb-entry

Affected products

pendulum

=<< 3.1.5

Matching in nixpkgs

pkgs.python312Packages.pendulum

Python datetimes made easy

nixos-25.11 3.1.0
- nixos-25.11-small 3.1.0
- nixpkgs-25.11-darwin 3.1.0

pkgs.python313Packages.pendulum

Python datetimes made easy

nixos-unstable 3.1.0-unstable-2025-10-28
- nixpkgs-unstable 3.1.0-unstable-2025-10-28
- nixos-unstable-small 3.1.0-unstable-2025-10-28
nixos-25.11 3.1.0
- nixos-25.11-small 3.1.0
- nixpkgs-25.11-darwin 3.1.0

pkgs.python314Packages.pendulum

Python datetimes made easy

nixos-unstable 3.1.0-unstable-2025-10-28
- nixpkgs-unstable 3.1.0-unstable-2025-10-28
- nixos-unstable-small 3.1.0-unstable-2025-10-28

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.pendulum

pkgs.python313Packages.pendulum

pkgs.python314Packages.pendulum