Manufaktur Solutions
Monthly
Unauthenticated PHP object injection in the Manufaktur Solutions WordPress theme (versions 1.1.1 and earlier) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by AC:H due to dependency on exploitable gadget chains in the WordPress runtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthenticated PHP object injection in the Manufaktur Solutions WordPress theme (versions 1.1.1 and earlier) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by AC:H due to dependency on exploitable gadget chains in the WordPress runtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.