Description
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Object Instantiation that could enable remote code execution
Action: Immediate Patch
AI Analysis

Impact

Deserialization of untrusted data in the Edge‑Themes Kamperen WordPress theme allows an attacker to inject arbitrary PHP objects. This object injection can lead to unauthorized code execution or privilege escalation on the affected site. The weakness is classified as CWE‑502 and grants an attacker a high level of control over the application once exploited.

Affected Systems

The Kamperen theme versions earlier than 1.3 are vulnerable. Site owners using any of these versions must consider them at risk until the theme is updated to 1.3 or later.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog, further implying limited current exploitation. Exploitation would require an attacker to supply crafted serialized payloads, likely through a remote interface such as a form or plugin data submission.

Generated by OpenCVE AI on March 26, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Kamperen theme to version 1.3 or later.

Generated by OpenCVE AI on March 26, 2026 at 18:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Edge-themes
Edge-themes kamperen
Wordpress
Wordpress wordpress
Vendors & Products Edge-themes
Edge-themes kamperen
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
Title WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability
Weaknesses CWE-502
References

Subscriptions

Edge-themes Kamperen
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T15:55:14.984Z

Reserved: 2026-03-12T11:12:13.806Z

Link: CVE-2026-32510

cve-icon Vulnrichment

Updated: 2026-03-26T15:55:10.547Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:17:03.280

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32510

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:30:52Z

Weaknesses