Kingler ThemeREX Plugin: Malicious Data Injection via Deserialization

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Kingler ThemeREX Plugin: Malicious Data Injection via Deserialization

CVE-2026-27438

Summary

A security issue in the Kingler plugin for WordPress allows attackers to inject malicious data, potentially leading to unauthorized access or data tampering. This issue affects Kingler plugins installed on WordPress sites, and it's recommended to update to the latest version to fix the problem.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/kingler/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026