Skip to main content

Eldon

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-40738 HIGH This Week

Unauthenticated PHP Object Injection in the Eldon WordPress theme (versions <= 1.4.1) by Edge-Themes allows remote attackers to inject arbitrary PHP objects through unsafe deserialization, potentially leading to remote code execution, data theft, or site compromise when a suitable POP gadget chain is present in the WordPress environment. No public exploit identified at time of analysis, and Patchstack rates this CVSS 8.1 (High) with high attack complexity reflecting the need for a usable gadget chain.

PHP Deserialization Eldon
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40738
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Eldon WordPress theme (versions <= 1.4.1) by Edge-Themes allows remote attackers to inject arbitrary PHP objects through unsafe deserialization, potentially leading to remote code execution, data theft, or site compromise when a suitable POP gadget chain is present in the WordPress environment. No public exploit identified at time of analysis, and Patchstack rates this CVSS 8.1 (High) with high attack complexity reflecting the need for a usable gadget chain.

PHP Deserialization Eldon
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy