
Ai Lab

1 CVEs product


CVE-2026-42380 CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the AI Lab WordPress theme versions prior to 5.4.2 enables remote attackers to deliver crafted serialized payloads to a vulnerable deserialization sink. With a CVSS 9.8 rating and no authentication required, successful exploitation can lead to arbitrary code execution, data theft, or full site takeover depending on which POP gadget chains are available in WordPress core or installed plugins. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Ai Lab
NVD
CVSS 3.1: 9.8
EPSS: 0.5%
