The designthemes Visual Art | Gallery WordPress Theme up to version 2.4 contains a deserialization of untrusted data vulnerability. This flaw allows an attacker with at least low privileges to inject malicious objects during the deserialization process, potentially leading to remote code execution or other severe impacts. The CVSS v3.1 score is 8.8, reflecting network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can lead to full compromise of the affected WordPress site, including unauthorized disclosure, modification, or destruction of data and disruption of service. Given the high CVSS score and the nature of object injection, the impact is critical to the security posture of affected installations.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, it is recommended to restrict access to the WordPress admin area, limit privileges of users, and monitor for suspicious activity related to the theme. Avoid using the affected versions of the theme in production environments.