CVE Catalog

CVE-2026-56037

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

The Themify Popup WordPress plugin contains a deserialization of untrusted data vulnerability allowing object injection. This issue affects all versions up to and including 1.4.3.

Risk Assessment

An attacker can remotely exploit this vulnerability to execute arbitrary code or take over the WordPress site, leading to data confidentiality and integrity breaches.

Recommendation

Immediately update the Themify Popup plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin.

Original NVD description (English source)

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS