PatchSiren

CVE-2026-40752 Select-Themes CVE debrief

CVE-2026-40752 is a HIGH-severity vulnerability (CVSS Score: 8.1) affecting Manufaktur Solutions theme versions <= 1.1.1. This vulnerability allows unauthenticated PHP Object Injection, potentially leading to code execution, data breaches, or system compromise. The vulnerability was published on June 17, 2026, and immediately gained attention due to its high severity and potential impact. Users of the affected theme should take immediate action to mitigate the risk. The vulnerability was reported by Patchstack and recorded by CVE.org.

Vendor: Select-Themes
Product: Manufaktur Solutions
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of WordPress sites utilizing the Manufaktur Solutions theme version 1.1.1 or earlier should prioritize patching this vulnerability. Due to the high severity and potential for exploitation, immediate attention is required to prevent potential code execution or data breaches.

Technical summary

CVE-2026-40752 is an unauthenticated PHP Object Injection vulnerability in the Manufaktur Solutions theme for WordPress. The vulnerability has a CVSS Score of 8.1, indicating high severity. It allows attackers to inject malicious PHP objects without authentication, potentially leading to arbitrary code execution, data tampering, or system compromise. The vulnerability affects theme versions up to and including 1.1.1.

Defensive priority

high

Recommended defensive actions

  • Update the Manufaktur Solutions theme to the latest version, if available.
  • If an update is not available, consider replacing the theme with an alternative.
  • Implement a Web Application Firewall (WAF) to detect and block suspicious traffic.
  • Regularly monitor your WordPress site for unusual activity.
  • Reduce exposure to PHP object injection by restricting deserialization of untrusted data.
  • Consider implementing additional security measures, such as two-factor authentication and regular backups.
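
For the WAF and monitoring items above, one way to look for serialized PHP objects in request logs, as an added example that is not from PatchSiren, Patchstack or the theme vendor. It assumes combined-format access logs and a hypothetical "opts" parameter; the advisory does not name the vulnerable input, and POST bodies and cookies do not appear in access logs, so this is a generic check and not a signature for CVE-2026-40752.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

# PHP serialize() object markers: O:<len>:"<Class>":<n>:{ and C:<len>:"<Class>":<n>:{
PHP_OBJECT = re.compile(r'\b[OC]:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def candidates(value):
    """Yield the decoded value, then its base64-decoded text form if there is one."""
    yield value
    raw = value.replace(" ", "+")  # parse_qsl turns a literal '+' into a space
    try:
        yield base64.b64decode(raw + "=" * (-len(raw) % 4), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return  # not base64 text, nothing more to inspect


def find_serialized_objects(log_line):
    """Return (parameter, marker) pairs for query values that carry a PHP object."""
    request = REQUEST.search(log_line)
    if not request:
        return []
    hits = []
    query = urlsplit(request.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes
        for text in candidates(value):
            marker = PHP_OBJECT.search(text)
            if marker:
                hits.append((name, marker.group(0)))
                break
    return hits


# Constructed sample data: an inert stdClass object, a hypothetical "opts" parameter
# and a documentation-range client address. None of it comes from the advisory.
_OBJ = 'O:8:"stdClass":0:{}'
_PREFIX = '203.0.113.9 - - [17/Jun/2026:10:00:05 +0000] "GET /?'
_B64 = base64.b64encode(_OBJ.encode()).decode()
SAMPLE_LOG = [
    _PREFIX + 's=chairs HTTP/1.1" 200 5120',
    _PREFIX + "opts=" + quote(_OBJ, safe="") + ' HTTP/1.1" 200 5120',
    _PREFIX + "opts=" + quote(_B64, safe="") + ' HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(find_serialized_objects(line) or "clean", "<-", line[:60])
```

A hit means a request parameter carried a serialized object, which is worth reviewing on any site that does not expect one; it does not show that the request reached a vulnerable code path.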

Evidence notes

The vulnerability was reported by Patchstack and recorded by CVE.org. The CVE record and NVD details provide additional context. Due to limited information, further technical analysis is restricted.
