A vulnerability was found in Mikado-mes Zoya Plugin up to 1.4 on WordPress and classified as problematic . The affected element is an unknown function. Such manipulation leads to deserialization. This vulnerability is documented as CVE-2026-40756 . The attack can be executed remotely. There is not any exploit available.