AxiomThemes Estate PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the AxiomThemes Estate WordPress theme, affecting versions through 1.3.4. This vulnerability could lead to various types of code injection, including SQL injection, path traversal, and denial-of-service, especially if a suitable property-oriented programming chain is exploited.

Impact

Exploitation of this vulnerability could allow for PHP object injection, which could be leveraged to execute code injection, SQL injection, path traversal, denial-of-service, and more, if a proper object-oriented programming chain is present.

Remediation

Users are advised to deactivate the theme and replace it with a different one, as this theme is unlikely to receive further updates or patches. However, deactivating the theme does not remove the security threat unless a Patchstack mitigation rule is applied.