T Bel
Monthly
PHP object injection in the Elated-Themes Töbel WordPress theme (versions up to and including 1.8.1) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or data tampering depending on available POP gadgets. Rated CVSS 8.1 (High) with no public exploit identified at time of analysis and no CISA KEV listing, though the network attack vector and lack of authentication requirement make it a meaningful risk to any WordPress site running the theme.
PHP object injection in the Elated-Themes Töbel WordPress theme (versions up to and including 1.8.1) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or data tampering depending on available POP gadgets. Rated CVSS 8.1 (High) with no public exploit identified at time of analysis and no CISA KEV listing, though the network attack vector and lack of authentication requirement make it a meaningful risk to any WordPress site running the theme.