{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22473", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:06.689Z", "datePublished": "2026-03-05T05:53:46.541Z", "dateUpdated": "2026-04-28T17:18:02.741Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "dental", "product": "Dental Clinic", "vendor": "designthemes", "versions": [{"lessThanOrEqual": "3.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:52.615Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.<p>This issue affects Dental Clinic: from n/a through <= 3.7.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:45.120Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/dental/vulnerability/wordpress-dental-clinic-theme-3-7-php-object-injection-vulnerability?_s_id=cve"}], "title": "WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T15:24:29.412479Z", "id": "CVE-2026-22473", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:18:02.741Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22473", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-09T15:24:29.412479Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T15:24:15.009Z"}}], "cna": {"title": "WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "Object Injection"}]}], "affected": [{"vendor": "designthemes", "product": "Dental Clinic", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.7"}], "packageName": "dental", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:52.615Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/dental/vulnerability/wordpress-dental-clinic-theme-3-7-php-object-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.<p>This issue affects Dental Clinic: from n/a through <= 3.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:58.678Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22473", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:58.678Z", "dateReserved": "2026-01-07T13:44:06.689Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-05T05:53:46.541Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7."}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en designthemes Dental Clinic dental permite la inyecci\u00f3n de objetos. Este problema afecta a Dental Clinic: desde n/a hasta &lt;= 3.7."}], "id": "CVE-2026-22473", "lastModified": "2026-04-22T21:26:58.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T06:16:20.907", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/dental/vulnerability/wordpress-dental-clinic-theme-3-7-php-object-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Dental Clinic", "source": "cna", "vendor": "designthemes"}, "product": "dental_clinic", "vendor": "designthemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T12:47:29.106642+00:00", "value": {"mitigation_remediation": ["Upgrade the Dental Clinic theme to a version newer than 3.7, if an updated release is available from designthemes.", "If an update is not feasible, deactivate or remove the Dental Clinic theme to eliminate the vulnerable code path.", "Ensure that the WordPress installation and its files have strict permissions (e.g., 755 for directories, 644 for files) and that the theme directory is not writable by users who should not deploy code.", "Keep the core WordPress software, all other plugins, and the theme configuration up to date, and monitor admin logs for anomalous POST requests that contain serialized data."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Versions of the Dental Clinic theme supplied by designthemes with build numbers up to and including 3.7 are affected. The vulnerability applies whenever the theme processes user-supplied serialized data, such as through theme settings or AJAX callbacks in the front\u2011end. No other products or versions are listed as impacted.", "description_and_impact": "Deserialization of untrusted data in the designthemes Dental Clinic WordPress theme (\u2264\u202f3.7) permits PHP Object Injection. An attacker can supply crafted input that causes PHP to instantiate arbitrary objects, potentially leading to code execution, data disclosure, or privilege escalation. The weakness is classified as CWE\u2011502, indicating that maliciously crafted serialized data is handled without proper validation.", "risk_and_exploitability": "With a CVSS score of 8.8 the issue is considered high severity. The EPSS score of\u202f<\u202f1\u202f% indicates that automated exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector involves inbound HTTP requests that contain the serialized payload, typically through the theme\u2019s configuration interface or exposed REST endpoints. Successful exploitation would give an attacker remote code execution privileges on the WordPress installation, affecting confidentiality, integrity, and availability of the site."}}}}, "created": "2026-03-06T15:14:00.031129+00:00", "updated": "2026-04-16T13:00:11.067692+00:00", "vendors": ["designthemes", "designthemes$PRODUCT$dental_clinic", "wordpress", "wordpress$PRODUCT$wordpress"]}