777
Monthly
Remote PHP object injection in the axiomthemes '777' (triple-seven) WordPress theme allows attackers to instantiate arbitrary PHP objects by supplying crafted serialized data to a vulnerable unserialize() call, affecting all versions up to and including 1.13.0. With the reported CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scoring 9.8, an unauthenticated network attacker can achieve high-impact compromise if a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote PHP object injection in the axiomthemes '777' (triple-seven) WordPress theme allows attackers to instantiate arbitrary PHP objects by supplying crafted serialized data to a vulnerable unserialize() call, affecting all versions up to and including 1.13.0. With the reported CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scoring 9.8, an unauthenticated network attacker can achieve high-impact compromise if a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.