Impact
SingleMalt theme through version 1.5 contains an unauthenticated PHP Object Injection flaw. The vulnerability allows an attacker to craft a request that triggers PHP’s unserialize function on data supplied by the attacker, leading to arbitrary code execution. The weakness falls under CWE‑502 and can compromise the confidentiality, integrity, and availability of the host system and any data stored by the WordPress installation.
Affected Systems
The flaw affects installations of the Elated‑Themes SingleMalt WordPress theme that are version 1.5 or earlier. No specific minor versions are listed, so all releases up to and including 1.5 are vulnerable.
Risk and Exploitability
The CVSS score of 8.1 indicates a high severity vulnerability. The EPSS score is not available, but the lack of a KEV listing does not reduce the risk; attackers can exploit the flaw remotely through HTTP requests that include serialized payloads. The vulnerability is unauthenticated, so any user can target the affected site without needing credentials. Given the high CVSS score and the nature of remote code execution, the risk is considerable and the exploitability is high.
OpenCVE Enrichment