Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-25358

created 3 weeks, 3 days ago

WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.

References

https://patchstack.com/database/Wordpress/Theme/meloo/vulnerability/wordpress-m… vdb-entry

Affected products

meloo

=<< 2.8.2

Matching in nixpkgs

pkgs.timeloop

Chip modeling/mapping benchmarking framework

nixos-unstable 3.0.3
- nixpkgs-unstable 3.0.3
- nixos-unstable-small 3.0.3
nixos-25.11 3.0.3
- nixos-25.11-small 3.0.3
- nixpkgs-25.11-darwin 3.0.3

Package maintainers

@gdinh Grace Dinh <nix@contact.dinh.ai>