PatchSiren

CVE-2026-39573 Select-Themes CVE debrief

CVE-2026-39573 is a high-severity vulnerability in the Mildhill theme that allows unauthenticated PHP object injection. It has a CVSS score of 8.1 and was published on June 17, 2026. Versions 1.5 and earlier are affected. Attackers can inject malicious PHP objects, potentially leading to code execution, so users of the Mildhill theme should take immediate action to mitigate it.

Vendor: Select-Themes
Product: Mildhill
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of the Mildhill theme, particularly those using version 1.5 or earlier, should be aware of this vulnerability and take necessary precautions. This vulnerability can be exploited by unauthenticated attackers, making it a high-risk issue.

Technical summary

CVE-2026-39573 is an unauthenticated PHP object injection vulnerability in the Mildhill theme, version 1.5 or earlier. The vulnerability has a CVSS score of 8.1 and a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The CWE associated with this vulnerability is CWE-502. The vulnerability allows attackers to inject malicious PHP objects, potentially leading to code execution.

Defensive priority

High

Recommended defensive actions

  • Update the Mildhill theme to the latest version.
  • Restrict access to the theme's files and directories.
  • Implement additional security measures, such as web application firewalls.
  • Monitor the theme's logs for suspicious activity.
  • Consider using a security plugin or service to detect and prevent attacks.
  • Review and update the theme's configuration and settings.
  • Limit deserialization of untrusted data (CWE-502), the root cause of PHP object injection, in the theme's code.
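
Added example (not from the advisory or from the theme's code): one way to act on the log-monitoring item above is to flag requests whose query parameters carry a PHP serialized object, whether plain, double URL-encoded, or base64-wrapped. The advisory does not name the affected parameter, so every parameter is checked; the combined-format access log, the parameter names and the sample lines are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# serialize() writes objects as O:<name len>:"<class>":<prop count>:{ and
# Serializable objects as C:<name len>:"<class>":<data len>:{
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')


def decoded_forms(value):
    """Yield the value as-is, URL-decoded once more, and base64-decoded if valid."""
    yield value
    yield unquote_plus(value)  # catches double URL-encoding
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        pass  # not base64


def find_serialized_objects(log_line):
    """Return names of query parameters that carry a PHP serialized object."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if any(PHP_OBJECT.search(form) for form in decoded_forms(value))]


# Constructed sample data: an inert stdClass object, hypothetical parameter names.
_OBJ = 'O:8:"stdClass":0:{}'
_LINE = '203.0.113.7 - - [17/Jun/2026:10:00:00 +0000] "GET /?{} HTTP/1.1" 200 512'
SAMPLE_LINES = [
    _LINE.format("s=mild+hill&page=2"),                          # benign
    _LINE.format("opts=" + quote(_OBJ, safe="")),                # URL-encoded
    _LINE.format("opts=" + quote(quote(_OBJ, safe=""), safe="")),  # double-encoded
    _LINE.format("state=" + base64.b64encode(_OBJ.encode()).decode()),  # base64
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(find_serialized_objects(line) or "clean", "<-", line.split('"')[1])
```

Access logs normally record only the request line, so serialized objects sent in POST bodies or cookies need the same pattern applied at a WAF or in application-level logging.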

Evidence notes

The information provided is based on the CVE record and the NVD detail. The CVE record was published on June 17, 2026, and the NVD detail was last modified on June 17, 2026. The vulnerability was reported by [email protected].
