Skip to main content

Grand Photography

2 CVEs product

Monthly

CVE-2026-57770 CRITICAL Act Now

PHP Object Injection in the ThemeGoods Grand Photography WordPress theme (all versions up to and including 5.7.8) lets remote attackers deliver crafted serialized data to an unsafe unserialize() sink, potentially achieving code execution, file operations, or SQL injection through POP gadget chains. The CVSS 9.8 rating reflects unauthenticated network exploitation (PR:N/UI:N) with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Deserialization Grand Photography
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-39603 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Photography WordPress theme versions up to 5.7.8 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. The vulnerability requires user interaction (clicking a malicious link) but carries low real-world exploitation risk, with an EPSS score of 0.01% indicating minimal practical likelihood of attack despite the moderate CVSS 5.4 rating.

CSRF Grand Photography
NVD
CVSS 3.1
5.4
EPSS
0.0%
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHP Object Injection in the ThemeGoods Grand Photography WordPress theme (all versions up to and including 5.7.8) lets remote attackers deliver crafted serialized data to an unsafe unserialize() sink, potentially achieving code execution, file operations, or SQL injection through POP gadget chains. The CVSS 9.8 rating reflects unauthenticated network exploitation (PR:N/UI:N) with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Deserialization Grand Photography
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) in ThemeGoods Grand Photography WordPress theme versions up to 5.7.8 allows unauthenticated remote attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. The vulnerability requires user interaction (clicking a malicious link) but carries low real-world exploitation risk, with an EPSS score of 0.01% indicating minimal practical likelihood of attack despite the moderate CVSS 5.4 rating.

CSRF Grand Photography
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy