Impact
The vulnerability is a PHP Object Injection flaw that allows an unauthenticated attacker to deserialize arbitrary PHP objects, potentially enabling remote code execution. The flaw is classified as CWE‑502 and may compromise confidentiality, integrity, and availability of the affected system if exploited. Because the vulnerability is unrelated to authentication, any user who can access the vulnerable WordPress site may submit crafted requests to trigger the flaw.
Affected Systems
The issue affects installations of the Edge‑Themes Reina WordPress theme version 2.1 or earlier. Users running any of these theme versions should verify their currently installed version and be aware that the vulnerability exists in all releases up to 2.1 inclusive.
Risk and Exploitability
The vulnerability scores a CVSS of 8.1, indicating high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, yet the absence of these metrics does not diminish the inherent risk of an unauthenticated flaw that can lead to remote code execution. The CVE description indicates that the flaw is a PHP Object Injection that can be triggered by an unauthenticated attacker, but it does not disclose specific entry points; therefore, any component of the Reina theme that processes serialized data is a potential exploitation vector. Because the flaw does not require authentication, sites that expose the vulnerable theme to the public are at risk of compromise.
OpenCVE Enrichment