Skip to main content

Neobeat

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39557 HIGH This Week

Unauthenticated PHP Object Injection in the NeoBeat WordPress theme (versions ≤1.7) allows remote attackers to inject crafted serialized objects that, when deserialized by the application, can be chained with available gadgets to compromise the site. No public exploit identified at time of analysis, but the CVSS 8.1 rating reflects high impact across confidentiality, integrity and availability if a usable gadget chain is present in the WordPress core or installed plugins.

PHP Deserialization Neobeat
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-39557
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the NeoBeat WordPress theme (versions ≤1.7) allows remote attackers to inject crafted serialized objects that, when deserialized by the application, can be chained with available gadgets to compromise the site. No public exploit identified at time of analysis, but the CVSS 8.1 rating reflects high impact across confidentiality, integrity and availability if a usable gadget chain is present in the WordPress core or installed plugins.

PHP Deserialization Neobeat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy