Mildhill
Unauthenticated PHP Object Injection affects the Select Themes Mildhill WordPress theme in versions 1.5 and earlier, allowing remote attackers to inject crafted serialized PHP objects that the application deserializes without validation. Successful exploitation can yield high confidentiality, integrity, and availability impact on the underlying WordPress site, typically by chaining the injected object with a property-oriented programming (POP) gadget present in the theme, WordPress core, or another installed plugin. No public exploit had been identified at the time of analysis, and the issue is reported via Patchstack rather than the CISA KEV catalog.