777 <= 1.13.0 - Unauthenticated PHP Object Injection
777 has a PHP object injection issue. An unauthenticated attacker may trigger unsafe code paths. No patch is known, so remove or replace it until fixed.
Quick answer
777 should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- 777 up to and including 1.13.0
Fixed versions
- No known patched version is available; remove or replace 777 until a vendor fix is released
How to fix it
777 has no known patch for this issue. The safest fix is to remove it or replace it until the vendor releases a fixed version.
- Back up the site and database.
- Disable and remove 777.
- Replace it with a maintained plugin or theme if the feature is still needed.
- Review admin users, uploaded files, and recent site changes for abuse.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm 777 is no longer active on the site.
- Run a new scan and confirm the CVE is no longer reported.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-57738?
777 versions listed as affected should be reviewed: 777 up to and including 1.13.0.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
