CVE-2026-28105
Deserialization Object Injection in ThemeREX Good Energy
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themerex | good_energy | to 1.7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28105 is a high-priority PHP Object Injection vulnerability found in the WordPress Good Energy Theme versions up to and including 1.7.7.
This vulnerability allows unauthenticated attackers to perform PHP Object Injection by exploiting deserialization of untrusted data, which can lead to severe security issues.
If a suitable Property Oriented Programming (POP) chain is available, attackers can leverage this vulnerability to execute remote code, perform SQL injection, path traversal, denial of service, and other critical impacts.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution, which allows attackers to run arbitrary code on the affected system.
It can also lead to SQL injection, enabling attackers to manipulate or access the database unlawfully.
Other possible impacts include path traversal, which can expose sensitive files, and denial of service, which can disrupt the availability of the website.
Since no privileges are required to exploit this vulnerability, it poses a significant risk to affected websites.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the WordPress Good Energy Theme versions up to and including 1.7.7 and involves PHP Object Injection. Detection typically involves monitoring for exploitation attempts targeting this theme.
Patchstack has provided a mitigation rule to block exploitation attempts, which implies that detection can be done by monitoring logs for blocked attempts or suspicious PHP object injection payloads targeting the Good Energy theme.
Specific commands are not provided in the available resources, but general detection methods include:
- Checking web server access logs for unusual POST requests or payloads containing serialized PHP objects.
- Using intrusion detection systems (IDS) or web application firewalls (WAF) with rules to detect PHP Object Injection patterns.
- Applying Patchstackβs mitigation rule and monitoring its logs for blocked exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
As no official patch has been released for this vulnerability as of the publication date, immediate mitigation involves applying the mitigation rule provided by Patchstack to block exploitation attempts.
Users are strongly advised to implement this mitigation immediately to protect their websites from potential remote code execution, SQL injection, path traversal, denial of service, and other severe impacts.
Additionally, monitoring for suspicious activity and restricting access to the affected theme files where possible can help reduce risk until an official patch is available.