CVE-2026-23542
ThemeGoods · Grand Restaurant
The Grand Restaurant theme for WordPress contains an insecure deserialization vulnerability that enables object injection.
Executive summary
A critical object injection vulnerability in the Grand Restaurant theme could allow unauthenticated attackers to compromise the underlying WordPress installation.
Vulnerability
The theme improperly handles the deserialization of untrusted input. This flaw allows an attacker to inject malicious objects into the application, which can be leveraged for arbitrary code execution.
Business impact
The 9.8 CVSS score reflects the extreme risk associated with this vulnerability. Exploitation could allow an attacker to bypass authentication, modify site content, or gain full administrative control over the WordPress host, leading to significant reputational and operational damage.
Remediation
Immediate Action: Update the Grand Restaurant theme to the latest patched version.
Proactive Monitoring: Monitor server logs for suspicious activity and unexpected file changes within the theme directory.
Compensating Controls: Utilize a Web Application Firewall to filter malicious traffic and prevent the injection of serialized payloads.
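The log monitoring recommended above can start with a check for PHP serialized-object tokens in request parameters. The following is an added example, not code from the vendor or this advisory; it assumes a common/combined-format access log, inspects only query strings (POST bodies and cookies are not logged by default), and uses constructed sample lines.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# PHP serialize() object tokens: O:<len>:"<Class>":<count>:{ (C: for Serializable classes).
PHP_OBJECT = re.compile(r'(?:^|[;{|])[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{')
# Assumption: access log in common/combined format with the request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, harmless stdClass object).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /?s=pizza HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /?data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /?data=Tzo4OiJzdGRDbGFzcyI6MDp7fQ%3D%3D HTTP/1.1" 200 512',
]


def _candidates(value):
    """Yield the value itself, then its base64 decoding if it decodes cleanly."""
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return


def find_serialized_objects(log_line):
    """Return (parameter, token) pairs for query parameters carrying a PHP object."""
    request = REQUEST.search(log_line)
    if not request:
        return []
    hits = []
    query = urlsplit(request.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):  # percent-decodes
        for text in _candidates(value):
            found = PHP_OBJECT.search(text)
            if found:
                hits.append((name, found.group(0).lstrip(";{|")))
                break
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, token in find_serialized_objects(line):
            print(f"param={name!r} token={token!r} :: {line}")
```

A hit is a lead for review rather than proof of exploitation, since some plugins legitimately pass serialized data in parameters.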
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the severity of object injection flaws, immediate remediation is required. Organizations using the Grand Restaurant theme should verify their current version and update to the latest release to eliminate the risk of remote compromise.