Emallshop

1 CVEs product

Monthly

CVE-2026-39443 HIGH This Week

Unauthenticated PHP Object Injection in the EmallShop WordPress theme (versions <= 2.4.21) allows remote attackers to inject crafted serialized PHP objects that are deserialized by the application, potentially leading to remote code execution, data tampering, or denial of service when a suitable gadget chain is present. The flaw was disclosed by Patchstack (EUVD-2026-37470) and carries CVSS 8.1 (AV:N/AC:H/PR:N/UI:N) - no public exploit identified at time of analysis and not listed in CISA KEV.

PHP Deserialization Emallshop
NVD
CVSS 3.1: 8.1
EPSS: 0.4%