Zoya

1 CVEs product

Monthly

CVE-2026-40756 HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes Zoya WordPress theme versions 1.4 and earlier allows remote attackers to inject crafted serialized objects that are deserialized by the application. Successful exploitation can lead to arbitrary code execution, data tampering, or denial of service depending on the gadget chains present in WordPress core, plugins, or other themes loaded on the site. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Zoya
NVD
CVSS 3.1: 8.1
EPSS: 0.2%
