Impact
The Valiance theme versions up to 1.2 contain an unauthenticated PHP Object Injection flaw that allows the creation of arbitrary PHP objects, potentially giving an attacker the ability to execute unsanitized PHP code on the WordPress site. The weakness is classified as CWE‐502.
Affected Systems
The flaw affects any WordPress site that uses the Elated‑Themes Valiance theme at version 1.2 or earlier. Sites that have not upgraded to 1.3 or a later release are at risk.
Risk and Exploitability
With a CVSS score of 8.1 the vulnerability is rated high severity, yet the EPSS score is below 1 %, indicating a low probability of exploitation at present. The site is not listed in the CISA KEV catalog. Because no authentication is required, an attacker is likely able to craft a malicious request that triggers the object injection. The combination of a critical weakness and the lack of required credentials suggests a moderate to high risk if the theme remains unpatched.
OpenCVE Enrichment