Skip to main content

St L

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-32511 MEDIUM PATCH This Month

A deserialization of untrusted data vulnerability exists in Mikado-Themes Stål (a WordPress theme) that allows arbitrary object injection through unsafe unserialize() operations. Versions prior to 1.7 are affected. An attacker can exploit this to instantiate arbitrary PHP objects, potentially leading to remote code execution, data exfiltration, or site compromise depending on available gadget chains in the WordPress environment.

Deserialization St L
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32511
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A deserialization of untrusted data vulnerability exists in Mikado-Themes Stål (a WordPress theme) that allows arbitrary object injection through unsafe unserialize() operations. Versions prior to 1.7 are affected. An attacker can exploit this to instantiate arbitrary PHP objects, potentially leading to remote code execution, data exfiltration, or site compromise depending on available gadget chains in the WordPress environment.

Deserialization St L
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy