Alukas
Unauthenticated PHP Object Injection in the Alukas WordPress theme (versions prior to 3.0.0) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, file manipulation, or full site compromise when a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is tracked by Patchstack as a deserialization flaw affecting the presslayouts:alukas product line. Real-world impact depends on the gadget chains available in WordPress core or co-installed plugins.