CVE-2026-32510 MEDIUM

CVE-2026-32510: WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

Vendor Edge-Themes
Product Kamperen
Weakness CWE-502 · Unsafe deserialization
Published March 25, 2026
Last update April 29, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.

Explanation of Vulnerability in Simple Terms

02Summary

Kamperen versions before 1.3 contain a deserialization vulnerability in how they process untrusted data. An authenticated attacker can send specially crafted input to modify site data or cause the application to become unavailable. The vulnerability requires valid user credentials but no additional user interaction.

What an attacker can do

03Attacker Capabilities

Modify site data or cause temporary unavailability by sending malicious serialized input.

Potential impact on your site

04Site Impact

Authenticated users could corrupt site content or trigger denial-of-service conditions without admin intervention.

Conditions required to exploit

05Prerequisites

Attacker must have a valid user account with low-level privileges on the site.

Key dates

06Disclosure timeline

March 25, 2026 CVE published
April 29, 2026 Record updated

Related vulnerabilities

08Related CVE