Skip to main content

777

1 CVEs product

Monthly

CVE-2026-57738 CRITICAL Act Now

Remote PHP object injection in the axiomthemes '777' (triple-seven) WordPress theme allows attackers to instantiate arbitrary PHP objects by supplying crafted serialized data to a vulnerable unserialize() call, affecting all versions up to and including 1.13.0. With the reported CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scoring 9.8, an unauthenticated network attacker can achieve high-impact compromise if a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Deserialization 777
NVD
CVSS 3.1
9.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote PHP object injection in the axiomthemes '777' (triple-seven) WordPress theme allows attackers to instantiate arbitrary PHP objects by supplying crafted serialized data to a vulnerable unserialize() call, affecting all versions up to and including 1.13.0. With the reported CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scoring 9.8, an unauthenticated network attacker can achieve high-impact compromise if a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Deserialization 777
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy