CVE-2026-57738
Received Received - Intake

Deserialization of Untrusted Data in 777 Triple-Seven

Vulnerability report for CVE-2026-57738, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
axiomthemes 777_triple-seven to 1.13.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can have severe impacts including remote code execution, SQL injection, path traversal, denial of service, and other malicious activities if an attacker can exploit a suitable Property-Oriented Programming (POP) chain. Because it has a CVSS score of 9.8, it is highly dangerous and likely to be targeted in widespread attacks, potentially compromising the security and availability of affected websites.

Executive Summary

CVE-2026-57738 is a high-severity vulnerability in the WordPress 777 Theme (versions 1.13.0 and below) that allows PHP Object Injection through deserialization of untrusted data. This means that an attacker can inject malicious objects into the application, potentially leading to unauthorized code execution and other harmful actions.

Detection Guidance

There is no specific detection command or method provided in the available resources for identifying this vulnerability on your network or system.

However, since this vulnerability affects the WordPress 777 Theme versions 1.13.0 and below, you can check the version of the installed theme to determine if it is vulnerable.

  • Check the theme version in your WordPress admin dashboard under Appearance > Themes.
  • Alternatively, use WP-CLI to check the theme version with the command: wp theme list --status=active
Mitigation Strategies

Immediate mitigation steps include updating the WordPress 777 Theme to a version above 1.13.0 once available.

Since no official patch is currently available, Patchstack has issued a temporary mitigation rule to block attacks targeting this vulnerability.

  • Apply the temporary mitigation rule provided by Patchstack to block exploit attempts.
  • Contact your hosting provider or web developer for assistance in applying mitigations or updates.
  • Consider using automated vulnerability mitigation solutions offered by Patchstack to protect your website until an official fix is released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57738. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart