
Valeska

1 CVEs product

Monthly

CVE-2026-40761 HIGH This Week

Unauthenticated PHP object injection in Edge-Themes Valeska WordPress theme versions 1.2.2 and earlier allows remote attackers to trigger insecure deserialization, potentially leading to code execution, file manipulation, or full site compromise when suitable PHP magic-method gadgets are present in the WordPress stack. No public exploit identified at time of analysis, but Patchstack has catalogued the flaw and the high CVSS (8.1) reflects the serious confidentiality, integrity, and availability impact possible against affected installations.

PHP Deserialization Valeska
NVD
CVSS 3.1: 8.1
EPSS: 0.3%