Skip to main content

Hiroshi

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39560 HIGH This Week

Unauthenticated PHP object injection in the Select Themes 'Hiroshi' WordPress theme through version 1.5.1 allows remote attackers to supply crafted serialized payloads that are deserialized by the theme, potentially leading to code execution, file manipulation, or data compromise when a suitable PHP magic-method gadget chain is present in the WordPress stack. The flaw is reachable without authentication per the CVSS vector, and no public exploit has been identified at time of analysis.

PHP Deserialization Hiroshi
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-39560
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Select Themes 'Hiroshi' WordPress theme through version 1.5.1 allows remote attackers to supply crafted serialized payloads that are deserialized by the theme, potentially leading to code execution, file manipulation, or data compromise when a suitable PHP magic-method gadget chain is present in the WordPress stack. The flaw is reachable without authentication per the CVSS vector, and no public exploit has been identified at time of analysis.

PHP Deserialization Hiroshi
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy