What is the CVSS score of EUVD-2026-15864?

EUVD-2026-15864 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Kamperen are affected by EUVD-2026-15864?

CVE-2026-32510 presents moderate security risk, a insecure deserialization vulnerability rated CVSS 5.4. Exploitation could compromise the security of affected deployments.. A patch is available.

Kamperen EUVD-2026-15864

Q: How to fix or mitigate EUVD-2026-15864?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

| CVE-2026-32510 MEDIUM

Deserialization of Untrusted Data (CWE-502)

2026-03-25 Patchstack

GHSA-g86r-3x4w-vj28

Deserialization Kamperen

5.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.3

EUVD ID Assigned

Mar 25, 2026 - 16:47 euvd

EUVD-2026-15864

Analysis Generated

Mar 25, 2026 - 16:47 vuln.today

CVE Published

Mar 25, 2026 - 16:15 nvd

MEDIUM 5.4

DescriptionCVE.org

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.

AnalysisAI

A deserialization of untrusted data vulnerability exists in Edge-Themes Kamperen WordPress theme versions prior to 1.3, allowing attackers to perform arbitrary object instantiation through object injection attacks. This CWE-502 vulnerability enables remote code execution or information disclosure without requiring authentication in many scenarios. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While no CVSS score, EPSS probability, or KEV status has been assigned, the vulnerability should be treated as high priority based on several factors: (1) the attack vector is likely network-based and requires low to no authentication given the theme context, (2) CWE-502 deserialization flaws are routinely exploited in real-world attacks and often lead to remote code execution, (3) WordPress themes are widely distributed and installations tend to lag on updates, creating a large attack surface, (4) Patchstack's public disclosure increases visibility to malicious actors. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker discovers that the Kamperen theme processes user-supplied input (likely via a theme option, form submission, or REST API endpoint) without proper input validation before unserializing it. The attacker crafts a malicious serialized PHP object chain that, when unserialized, triggers magic methods in commonly available WordPress classes (such as those in plugins or core) to execute arbitrary code—for example, writing a PHP backdoor file to wp-content/uploads/. …
Remediation	Immediately upgrade the Kamperen theme to version 1.3 or later through the WordPress theme administration panel or via direct download from the Edge-Themes vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-15864 vulnerability details – vuln.today

Back