Executive Summary

CVE-2026-39577 is a PHP Object Injection vulnerability found in the WordPress Playroom Theme versions 1.4.1 and below. This vulnerability allows unauthenticated attackers to inject malicious PHP objects, potentially leading to code execution, SQL injection, path traversal, denial of service, and other harmful actions if a suitable POP chain exists.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution, data breaches through SQL injection, unauthorized file access via path traversal, and service disruption through denial of service attacks. Because it requires no authentication, attackers can exploit it remotely, potentially affecting thousands of websites using the vulnerable theme.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate action is required to mitigate the risk of this PHP Object Injection vulnerability in Playroom versions 1.4.1 and below.

• Update the Playroom theme to version 1.5 or later.
• Apply the mitigation rule provided by Patchstack to block attacks until the update is applied.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0