CVE-2026-22475
Awaiting Analysis Awaiting Analysis - Queue

Deserialization Object Injection in Axiomthemes Estate

Vulnerability report for CVE-2026-22475, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Patchstack

Description

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-07-06
AI Q&A
2026-03-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
axiomthemes estate to 1.3.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-22475 is a high-priority PHP Object Injection vulnerability affecting the WordPress Estate Theme versions up to and including 1.3.4.

This vulnerability allows unauthenticated attackers to perform PHP Object Injection, which means they can inject malicious objects into the application.

If a suitable Property Oriented Programming (POP) chain is available, this can lead to severe attacks such as remote code execution, SQL injection, path traversal, denial of service, and other exploits.

Impact Analysis

This vulnerability can have critical impacts including allowing attackers to execute arbitrary code remotely on your server.

It can also enable SQL injection attacks, which may compromise your database integrity and confidentiality.

Other possible impacts include path traversal attacks that can expose sensitive files, denial of service conditions that disrupt service availability, and other malicious activities.

Because the theme has not been updated for over a year and no official patch is available, the risk remains high unless mitigations are applied.

Users are advised to apply mitigation rules or remove and replace the vulnerable theme to protect their websites.

Compliance Impact

I don't know

Detection Guidance

The provided resources do not include specific commands or methods to detect this vulnerability on your network or system.

Mitigation Strategies

To mitigate the CVE-2026-22475 vulnerability in the WordPress Estate Theme (versions up to 1.3.4), immediate actions include applying the mitigation rule issued by Patchstack to block exploitation attempts.

Alternatively, users are advised to remove and replace the vulnerable theme entirely, as deactivating the theme alone does not eliminate the security risk.

Since no official patch has been released and the theme is unlikely to receive future updates, applying these mitigations is critical to protect your website.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22475. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart