Skip to main content

Reina

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-40735 HIGH This Week

Unauthenticated PHP object injection in the Reina WordPress theme (versions 2.1 and earlier) by Edge Themes allows remote attackers to trigger insecure deserialization, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present in the WordPress instance. The flaw carries a CVSS 3.1 score of 8.1 (High) with no public exploit identified at time of analysis. The reference from Patchstack confirms the issue but no KEV listing or EPSS data is provided.

PHP Deserialization Reina
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-40735
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Reina WordPress theme (versions 2.1 and earlier) by Edge Themes allows remote attackers to trigger insecure deserialization, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present in the WordPress instance. The flaw carries a CVSS 3.1 score of 8.1 (High) with no public exploit identified at time of analysis. The reference from Patchstack confirms the issue but no KEV listing or EPSS data is provided.

PHP Deserialization Reina
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy