Skip to main content

Techlink

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-40755 HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes TechLink WordPress theme (versions up to and including 1.3) allows remote attackers to trigger insecure deserialization of attacker-controlled data. Successful exploitation can lead to full compromise of the underlying WordPress site, including arbitrary code execution, data theft, and site defacement, though the CVSS vector flags high attack complexity (AC:H). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Techlink
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40755
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes TechLink WordPress theme (versions up to and including 1.3) allows remote attackers to trigger insecure deserialization of attacker-controlled data. Successful exploitation can lead to full compromise of the underlying WordPress site, including arbitrary code execution, data theft, and site defacement, though the CVSS vector flags high attack complexity (AC:H). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Techlink
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy