{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32510", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:13.806Z", "datePublished": "2026-03-25T16:15:04.782Z", "dateUpdated": "2026-03-26T15:55:14.984Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "kamperen", "product": "Kamperen", "vendor": "Edge-Themes", "versions": [{"changes": [{"at": "1.3", "status": "unaffected"}], "lessThanOrEqual": "< 1.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Denver Jackson | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:40.565Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.<p>This issue affects Kamperen: from n/a through < 1.3.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:15:04.782Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/kamperen/vulnerability/wordpress-kamperen-theme-1-3-arbitrary-object-instantiation-vulnerability?_s_id=cve"}], "title": "WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T15:50:53.457474Z", "id": "CVE-2026-32510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:55:14.984Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T15:50:53.457474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:55:10.547Z"}}], "cna": {"title": "WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Denver Jackson | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "affected": [{"vendor": "Edge-Themes", "product": "Kamperen", "versions": [{"status": "affected", "changes": [{"at": "1.3", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "< 1.3"}], "packageName": "kamperen", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:40.565Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/kamperen/vulnerability/wordpress-kamperen-theme-1-3-arbitrary-object-instantiation-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.<p>This issue affects Kamperen: from n/a through < 1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:15:04.782Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32510", "state": "PUBLISHED", "dateUpdated": "2026-03-26T15:55:14.984Z", "dateReserved": "2026-03-12T11:12:13.806Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:15:04.782Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3."}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Edge-Themes Kamperen kamperen permite la inyecci\u00f3n de objetos. Este problema afecta a Kamperen: desde n/d hasta &lt; 1.3."}], "id": "CVE-2026-32510", "lastModified": "2026-03-26T17:16:37.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:17:03.280", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/kamperen/vulnerability/wordpress-kamperen-theme-1-3-arbitrary-object-instantiation-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Kamperen", "source": "cna", "vendor": "Edge-Themes"}, "product": "kamperen", "vendor": "edge-themes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T18:29:57.165261+00:00", "value": {"mitigation_remediation": ["Verify the current Kamperen theme version in the WordPress dashboard or theme folder.", "Upgrade the theme to version 1.3 or newer as soon as possible.", "If an upgrade cannot be performed immediately, remove or deactivate the Kamperen theme from the site."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Object Instantiation leading to potential code execution"}, "threat_synthesis": {"affected_systems": "The issue is present in WordPress websites that use the Edge\u2011Themes Kamperen theme version below 1.3. Any installation of that theme is potentially vulnerable unless the theme has been updated to 1.3 or newer.", "description_and_impact": "This vulnerability allows an attacker to deserialize untrusted data and instantiate arbitrary objects. By crafting a payload that triggers the theme\u2019s deserialization routine, an attacker can potentially gain code execution on the hosting server. The weakness is a classic object deserialization flaw (CWE\u2011502), giving the attacker control over the application's execution flow and compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "Because the flaw is an arbitrary object instantiation, it is considered high severity. The CVSS score is not provided, but the ability to achieve code execution makes exploitation highly valuable. The EPSS score is unavailable, and the vulnerability is not listed in KEV, yet the lack of public patches suggests that attackers may target sites that have not updated. The likely attack vector would be a remote attacker supplying a crafted payload, possibly via a form, URL parameter, or administrative interface that triggers the theme\u2019s deserialization code. Detailed attack prerequisites are unclear from the description, so we infer that the attacker needs write access to data that the theme processes."}}}}, "created": "2026-03-25T21:47:30.024054+00:00", "updated": "2026-03-26T11:35:22.820530+00:00", "vendors": ["edge-themes", "edge-themes$PRODUCT$kamperen", "wordpress", "wordpress$PRODUCT$wordpress"]}