Summaryinfo

A vulnerability has been found in AncoraThemes Beelove Plugin up to 1.2.6 on WordPress and classified as critical. The affected element is an unknown function. This manipulation causes deserialization. This vulnerability appears as CVE-2026-22507. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability was found in AncoraThemes Beelove Plugin up to 1.2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown part. The manipulation with an unknown input leads to a deserialization vulnerability. The CWE definition for the vulnerability is CWE-502. The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6.

The weakness was presented by Tran Nguyen Bao Khanh. The advisory is shared at patchstack.com. This vulnerability is known as CVE-2026-22507 since 01/07/2026. The exploitation appears to be easy. The attack can be launched remotely. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/31/2026).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• WordPress Plugin

Vendor

• AncoraThemes

Name

• Beelove Plugin

Version

• 1.2.0
• 1.2.1
• 1.2.2
• 1.2.3
• 1.2.4
• 1.2.5
• 1.2.6

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion