Zermatt
Unauthenticated PHP Object Injection in the Zermatt WordPress theme versions 1.6.1 and earlier allows remote attackers to deliver malicious serialized PHP objects to a vulnerable unserialize() sink without prior authentication. Successful exploitation can have a high impact on confidentiality, integrity, and availability when a suitable POP gadget chain is reachable in the WordPress installation. No public exploit was identified at the time of analysis, and the issue is not currently listed in CISA KEV.