CVE-2026-39551
WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerabilityDeserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
We have discovered 138 live websites that are affected by CVE-2026-39551.
Common Weakness Enumeration
CWE-502 Deserialization of Untrusted DataDetails
- Published - Jun 2, 2026
- Updated - Jun 2, 2026
Credits
- Denver Jackson | Patchstack Bug Bounty Program (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2026-39551 United States | 16 websites |
 Italy | 29 websites |
 Spain | 8 websites |
 Germany | 8 websites |
 France | 7 websites |
 India | 6 websites |
 Portugal | 6 websites |
 Turkey | 5 websites |
 GB | 4 websites |
 Malaysia | 4 websites |
Website Distribution by TLD
Number of websites using CVE-2026-39551| .com | 54 websites |
| .it | 26 websites |
| .de | 4 websites |
| .es | 4 websites |
| .be | 2 websites |
| .co.uk | 2 websites |
| .se | 2 websites |
| .eu | 2 websites |
| .pl | 2 websites |
| .at | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-39551
Top websites that are affected by CVE-2026-39551. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | ***,*** | |
| ***********.com |  Cyprus | *,***,*** | |
| *********************.**.uk | GB | *,***,*** | |
| ************.es | Spain | *,***,*** | |
| ************.it | France | *,***,*** | |
| *************.it | France | *,***,*** | |
| **********************.com | United States | *,***,*** | |
| *********.in | India | *,***,*** | |
| *******.com | Italy | *,***,*** | |
| *******.com | United States | *,***,*** |