Skip to main content

Château Theme CVE-2026-40757

HIGH
Deserialization of Untrusted Data (CWE-502)
2026-06-17 Patchstack
PHP Deserialization Ch Teau
8.1
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.1 HIGH

Network-reachable HTTP endpoint, no auth or UI, but AC:H because successful exploitation depends on a usable POP gadget chain; full CIA impact via potential RCE.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 14:30 vuln.today

DescriptionCVE.org

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

AnalysisAI

Unauthenticated PHP Object Injection in the Mikado-Themes 'Château' WordPress theme (versions ≤ 1.2.1) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or full site compromise when a suitable POP gadget chain is present in the WordPress stack. The flaw was disclosed via Patchstack with CVSS 8.1 (high) due to network-reachable, unauthenticated impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) reflects the dependency on a usable gadget chain. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify Château theme on target WordPress site
Delivery
Craft serialized PHP object with POP gadget chain
Exploit
Send payload to vulnerable theme endpoint
Install
Trigger unserialize() of attacker data
C2
Gadget chain executes via magic methods
Execute
Achieve RCE or file write as web user
Impact
Establish persistence via webshell or admin user
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the target site to be running the Mikado-Themes 'Château' WordPress theme at version 1.2.1 or earlier, to be reachable over HTTP(S), and - critically per CVSS AC:H - to have a usable PHP Object Injection gadget chain present in WordPress core, an installed plugin, or another theme so the deserialized object's magic methods can be turned into meaningful impact. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H paints a network-reachable, unauthenticated, high-impact flaw, but AC:H signals that working exploitation depends on the presence of a usable PHP object-injection gadget chain in the target's WordPress/PHP stack - a meaningful gate that lowers practical exploitability versus the raw 8.1 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote unauthenticated attacker sends a crafted HTTP request to a vulnerable Château-themed WordPress site, embedding a serialized PHP object payload in a parameter that the theme passes to unserialize(). When the object is reconstructed, its magic methods trigger a POP gadget chain in WordPress core or an installed plugin, resulting in arbitrary file write, SQL execution, or remote code execution as the web server user. …
Remediation Upgrade the Château theme to a version newer than 1.2.1 as soon as the vendor publishes a patched release; consult the Patchstack advisory (https://patchstack.com/database/wordpress/theme/chateau/vulnerability/wordpress-chateau-theme-1-2-1-php-object-injection-vulnerability) for the exact fixed version, as no specific fix version was provided in the input data and so no patch version can be cited with confidence. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit all WordPress installations to identify Château theme version 1.2.1 or earlier; immediately disable or remove the affected theme and switch to an alternative. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-55692 HIGH POC
7.5 Jun 19

Stored cross-site scripting in the StarCitizenWiki EmbedVideo MediaWiki extension (versions <= 4.0.0) allows any user wi
CVE-2026-9815 MEDIUM POC
6.5 Jun 18

Unrestricted PHP file upload in the MagicForm WordPress plugin (through version 0.1.3) enables unauthenticated remote co
CVE-2026-48908 CRITICAL
10.0 Jun 20

Remote unauthenticated arbitrary file upload in JoomShaper SP Page Builder extension for Joomla (versions 1.0.0 through

CVE-2026-48939 CRITICAL
10.0 Jun 20

Arbitrary PHP file upload in the iCagenda extension for Joomla enables remote unauthenticated attackers to abuse the eve
CVE-2025-69108 CRITICAL
9.8 Jun 16

Unauthenticated PHP Object Injection in the ThemeREX Hot Coffee WordPress theme (versions ≤ 1.7) allows remote attackers

Share

CVE-2026-40757 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy