Moderno

1 CVEs product

CVE-2026-49108 CRITICAL Act Now

Remote code execution via unauthenticated PHP Object Injection affects the Moderno WordPress theme in all versions prior to 1.43, enabling attackers to send crafted serialized payloads that trigger malicious object instantiation. With CVSS 9.8 and a fully remote, no-interaction attack vector, successful exploitation hinges on the presence of usable POP gadget chains in WordPress core or co-installed plugins. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Moderno
NVD
CVSS 3.1: 9.8
EPSS: 0.3%
