BoldThemes Celeste: Untrusted Data Can Inject Malicious Code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

BoldThemes Celeste: Untrusted Data Can Inject Malicious Code

CVE-2026-27369

Summary

The Celeste website builder has a security flaw that allows attackers to inject malicious code. This is particularly concerning because an attacker could exploit it to take control of a website, steal sensitive information, or disrupt its functionality. To protect your website, update Celeste to the latest version (1.3.7 or higher) as soon as possible.

Original title

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.

Original description

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/celeste/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026