CVE Catalog
CVE-2026-56037
HighCVSS 8.8Summary
The Themify Popup WordPress plugin contains a deserialization of untrusted data vulnerability allowing object injection. This issue affects all versions up to and including 1.4.3.
Risk Assessment
An attacker can remotely exploit this vulnerability to execute arbitrary code or take over the WordPress site, leading to data confidentiality and integrity breaches.
Recommendation
Immediately update the Themify Popup plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin.
Original NVD description (English source)
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.

