
Shiftup

1 CVEs product

Monthly

CVE-2026-40733 HIGH This Week

Unauthenticated PHP object injection in the Mikado Themes ShiftUp WordPress theme (versions ≤ 1.3) allows remote attackers to pass attacker-controlled serialized data into a PHP unserialize() sink, potentially triggering gadget chains that can lead to remote code execution, data tampering, or site takeover. CVSS is rated 8.1 with high attack complexity but no privileges or user interaction required, and no public exploit identified at time of analysis. The issue was disclosed via Patchstack.

PHP Deserialization Shiftup
NVD
CVSS 3.1: 8.1
EPSS: 0.3%
