Description
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects Stål: from n/a through < 1.7.
Published: 2026-03-25
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Insecure Deserialization leading to Object Injection
Action: Patch Now
AI Analysis

Impact

The Stål WordPress theme contains an insecure deserialization flaw that permits attackers to instantiate arbitrary objects. The vulnerability is classified as CWE‑502. This flaw can potentially be leveraged to execute unauthorized code or alter the application’s behavior, depending on how the deserialized data is used within the application.

Affected Systems

The issue affects all versions of the Mikado‑Themes Stål WordPress theme older than 1.7; any installation running an earlier version is vulnerable.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity, and the EPSS score below 1% and the absence of a KEV listing suggest that exploitation is not widely documented at present. Based on the description, the likely attack vector is remote, requiring the attacker to supply malicious serialized data (for example through a form submission or other user input) to trigger the deserialization process. Because no official patch is listed in the provided references, the risk remains until the theme is updated to a fixed version.

Generated by OpenCVE AI on March 25, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the currently installed Stål theme version.
  • Update the theme to version 1.7 or later, which removes the insecure deserialization flaw.
  • If an update cannot be applied immediately, restrict access to the parts of the theme that deserialize user‑supplied data or disable those features until a patch is available.
  • Monitor the theme’s official repository for update announcements or security advisories.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mikado-themes; Mikado-themes stål; Wordpress; Wordpress wordpress |
| Vendors & Products | | Mikado-themes; Mikado-themes stål; Wordpress; Wordpress wordpress |

Wed, 25 Mar 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 25 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection. This issue affects Stål: from n/a through < 1.7. |
| Title | | WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability |
| Weaknesses | | CWE-502 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:18:11.384Z

Reserved: 2026-03-12T11:12:13.806Z

Link: CVE-2026-32511

Vulnrichment

Updated: 2026-03-25T20:16:25.767Z

NVD

Status: Received

Published: 2026-03-25T17:17:03.413

Modified: 2026-03-25T21:16:42.803

Link: CVE-2026-32511

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:12:29Z

Weaknesses