Home / Vulnerability Intelligence / CVE-2026-27096

CVE-2026-27096 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 19, 2026

BuddhaThemes ColorFolio - Freelance Designer WordPress Theme - Insecure Deserialization

Published: March 19, 2026Updated: March 19, 2026Remote Exploitable

Overview

BuddhaThemes ColorFolio - Freelance Designer WordPress Theme <= 1.3 contains an insecure deserialization vulnerability caused by deserialization of untrusted data, letting attackers perform object injection remotely, exploit requires crafted input.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code or commands via object injection, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

https://patchstack.com/database/wordpress/theme/colorfolio/vulnerability/wordpress-colorfolio-freelance-designer-wordpress-theme-theme-1-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2026-27096 - High (8.1) Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27096/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

View original post

Related Resources

Details

CVE ID: CVE-2026-27096
Severity: High
CVSS Score: 8.1
Type: insecure_deserialization
Status: unconfirmed
EPSS: 4.1%
Social Posts: 2

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days