Impact
This vulnerability is an unauthenticated PHP Object Injection flaw that allows an attacker to instantiate arbitrary PHP objects through serialized data processing. The flaw enables execution of arbitrary code within the context of the WordPress site, which can lead to full compromise of site integrity and confidentiality.
Affected Systems
The Mikado-Themes Château theme versions 1.2.1 and earlier are affected by this weakness. Any WordPress installation using these versions is vulnerable until the theme is upgraded.
Risk and Exploitability
The assigned CVSS score of 8.1 indicates high severity. EPSS data are not available, and the issue is not listed in CISA KEV. The vulnerability can be exploited remotely without authentication, likely by sending crafted serialized input through a vulnerable endpoint or form field. Successful exploitation can result in arbitrary code execution on the web server.
OpenCVE Enrichment