CVE-2026-32502
Deserialization Object Injection in Borgholm Theme
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| borgholm | borgholm_marketing_agency_theme | up to 1.6 (exclusive) |
| select-themes | borgholm_marketing_agency_theme | up to 1.6 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32502 is a high-priority PHP Object Injection vulnerability found in the WordPress Borgholm Theme versions prior to 1.6. It allows unauthenticated attackers to inject malicious PHP objects by exploiting deserialization of untrusted data. This can lead to severe impacts such as code injection, SQL injection, path traversal, denial of service, and other attacks if a suitable Property Oriented Programming (POP) chain is available.
The vulnerability requires no privileges to exploit and falls under the OWASP Top 10 category A3: Injection. It was reported on January 20, 2026, and patched in version 1.6 of the theme.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized code execution, SQL injection, path traversal, and denial of service on websites using vulnerable versions of the Borgholm Theme. Attackers can exploit it without any authentication, potentially compromising the entire website.
Due to its high severity and ease of exploitation, it is expected to be targeted in mass attack campaigns affecting many websites regardless of their traffic or popularity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects WordPress Borgholm Theme versions prior to 1.6 and involves PHP Object Injection exploitable without authentication.
Detection can involve checking the version of the Borgholm Theme installed on your WordPress site to see if it is older than 1.6.
Additionally, monitoring for suspicious HTTP requests that attempt to exploit PHP Object Injection patterns could help detect attacks.
Patchstack provides an automatic mitigation rule that can be used to block attacks targeting this vulnerability, which may also assist in detection.
Specific commands are not provided in the resources, but you can check the theme version via WP-CLI with a command like: `wp theme list --status=active`
Network monitoring tools or web application firewalls (WAFs) with rules for PHP Object Injection attempts can be used to detect exploitation attempts.
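The WP-CLI version check mentioned above, carried through as an added example (not code from the advisory or from the theme's authors): a small POSIX shell script that reads the CSV `wp theme list --format=csv` prints and flags a Borgholm install whose version is below the fixed release 1.6. It assumes the theme's directory slug is `borgholm` and uses a constructed sample of the WP-CLI output so it runs offline.

```shell
#!/bin/sh
# Added example, not from the Patchstack advisory. Flags an installed
# Borgholm theme whose version is below the fixed release 1.6, using the
# CSV that `wp theme list --format=csv` prints (name,status,update,version).
# Assumption: the theme's directory slug is "borgholm".

FIXED_VERSION="1.6"

# borgholm_is_vulnerable VERSION
# Returns 0 (true) when VERSION sorts strictly below 1.6 in version order,
# so 1.5.9 is flagged while 1.6, 1.6.1 and 1.10 are not. Uses sort -V,
# so "1.10" is correctly treated as newer than "1.6", not as "1.1".
borgholm_is_vulnerable() {
  ver=$1
  [ "$ver" = "$FIXED_VERSION" ] && return 1
  lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
  [ "$lowest" = "$ver" ]
}

# scan_theme_csv < CSV
# Reads the CSV on stdin and prints one line per borgholm entry:
# "VULNERABLE borgholm <version>" or "PATCHED borgholm <version>".
scan_theme_csv() {
  awk -F, 'NR > 1 && $1 == "borgholm" { print $1, $4 }' |
  while read -r name ver; do
    if borgholm_is_vulnerable "$ver"; then
      echo "VULNERABLE $name $ver"
    else
      echo "PATCHED $name $ver"
    fi
  done
}

# Constructed sample output, standing in for:
#   wp theme list --format=csv --fields=name,status,update,version
SAMPLE_CSV='name,status,update,version
twentytwentyfour,inactive,none,1.1
borgholm,active,available,1.5.2'

# Run against the sample; on a real site pipe the WP-CLI output instead:
#   wp theme list --format=csv --fields=name,status,update,version | scan_theme_csv
printf '%s\n' "$SAMPLE_CSV" | scan_theme_csv
```

Note that the check only reports the version on disk; a patched theme that has been modified or renamed will not be recognised, and the check says nothing about whether exploitation has already occurred.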
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to update the Borgholm Theme to version 1.6 or later, where the vulnerability is patched.
Until the update can be applied, Patchstack provides an automatic mitigation rule that can block attacks targeting this vulnerability.
Applying such mitigation rules via a web application firewall or security plugin can reduce the risk of exploitation.
Prompt remediation is critical due to the high severity and likelihood of mass exploitation campaigns.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-32502 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.