Primary

Context

Elated Themes Töbel WordPress Theme PHP Object Injection Vulnerability

Vulnerability

Patched

A deserialization vulnerability allowing object injection has been identified in the Elated Themes Töbel WordPress theme, affecting versions through 1.8.1. This vulnerability could lead to various impacts, including code execution, SQL injection, path traversal, and denial of service, especially if a suitable property-oriented programming chain is exploited.

Impact

Exploitation of this vulnerability allows for PHP object injection, which could be used to execute arbitrary code, inject malicious SQL, traverse file paths inappropriately, cause a denial-of-service condition, or potentially exploit other vulnerabilities, depending on the presence of a suitable object injection chain.

Remediation

Users are advised to update the Töbel WordPress theme to version 1.9 or later. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability.

Added: Jun 2, 2026, 12:20 PM

Updated: Jun 2, 2026, 12:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

9.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

9.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elated Themes Töbel WordPress Theme PHP Object Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Elated-Themes Töbel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating