diff --git a/docs/readme.txt b/docs/readme.txt
index 70fa8d5..03d080c 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -46,6 +46,9 @@ When writing your search string, make sure to wrap your search in forward slashe
 == Changelog ==
+= 2.6.7 ( beta) =
+* Fixed secured unserialized data handling to prevent potential vulnerabilities.
+
 = 2.6.6 (2024-08-21) =
 * Fixed missing URL input sanitization.
 * Verified compatibility with WordPress 6.6
diff --git a/includes/Extension/SearchReplace/Replace/class-sql.php b/includes/Extension/SearchReplace/Replace/class-sql.php
index 085496a..f81ac76 100644
--- a/includes/Extension/SearchReplace/Replace/class-sql.php
+++ b/includes/Extension/SearchReplace/Replace/class-sql.php
@@ -166,8 +166,14 @@ public function get_edit_url() {
 */
 public function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false ) {
 // Some unserialised data cannot be re-serialised eg. SimpleXMLElements.
+ global $wpdb;
+
 try {
- $unserialized = @unserialize( $data );
+ $unserialized = false;
+ if ( ! empty( $data ) && ( $wpdb->prefix . 'comments' !== $this->table_name || 'comment_content' !== $this->column_name ) && is_serialized( $data ) ) {
+ $unserialized = @unserialize( $data, array( 'allowed_classes' => false ) );
+ }
+
 if ( is_string( $data ) && false !== $unserialized ) {
 $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true );
 } elseif ( is_array( $data ) ) {
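Review bot: Passing `array( 'allowed_classes' => false )` to `unserialize()` in the new guard means every serialized object in `$data` now arrives at the recursive call as `__PHP_Incomplete_Class` rather than an instance of its class, and the object branch of this method (it continues past the end of the hunk, as does the `try`) has to cope with that: reading properties of an incomplete object is not permitted, and nested strings inside such objects may no longer be replaced even though the value is still re-serialized, so that behaviour change deserves a comment at the guard, e.g. `// allowed_classes => false: objects are not instantiated (no __wakeup/__destruct), they round-trip as __PHP_Incomplete_Class`. The exemption for the comments table compares against `$wpdb->prefix . 'comments'`, which presumably matches only the current site's table; `$wpdb->comments` expresses the same intent more directly, and the reason comment content is excluded is worth a one-line comment since it is not obvious from the condition alone. With `is_serialized()` now in front of the call, the `@` suppression on `unserialize()` is largely redundant and the `try` block's catch (outside the hunk) is what actually handles a failed decode; I would leave that as is but note it in the comment. `$this->table_name` and `$this->column_name` are not visible here, so I am assuming they are set for every code path that reaches this method.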