
Playroom

1 CVEs product

Monthly

CVE-2026-39577 HIGH This Week

PHP Object Injection in the Playroom WordPress theme (versions ≤ 1.4.1) by elated-themes allows remote attackers to inject crafted serialized objects that are deserialized by the application, potentially triggering POP-chain gadgets. Patchstack describes the vulnerability as unauthenticated even though the CVSS vector lists PR:H, and no public exploit was identified at the time of analysis.

PHP Deserialization Playroom
NVD
CVSS 3.1: 8.1
EPSS: 0.3%
