Untrusted Data Deserialization in Pizza House ThemeREX Plugin

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Untrusted Data Deserialization in Pizza House ThemeREX Plugin

CVE-2026-28074

Summary

An attacker can inject malicious data into Pizza House, potentially causing harm. This issue affects all versions of Pizza House up to 1.4.0. Update to a fixed version to protect your site.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/pizzahouse/vulnerability/wordpre...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026