WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

Description

Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.

Affected Products

Vendor	Product	Versions
edge-themes	pelicula	n/a

References

https://patchstack.com/database/Wordpress/Theme/pelicula-video-production-and-movie-theme/vulnerability/wordpress-pelicula-theme-1-10-php-object-injection-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-32512 | Edge-Themes Pelicula Plugin up to 1.10 on WordPress deserialization

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-502

Published3/25/2026

Last enriched1d agov2

Trending Score57

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, marked as actively exploited, and noted that patch version 1.10 is available.

severityactivelyExploitedpatchAvailable

via VulDB

v11d ago

Initial creation