CVE Catalog

CVE-2026-27414

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

The Werkstatt plugin for WordPress versions 4.8.3 and earlier contains a PHP Object Injection vulnerability via the contributor mechanism. This allows an attacker to inject malicious objects, potentially leading to remote code execution.

Risk Assessment

The risk includes potential takeover of the WordPress site, data theft, or server compromise by an attacker with contributor privileges.

Recommendation

Immediately update the Werkstatt plugin to version 4.8.4 or later, which fixes this vulnerability.

Original NVD description (English source)

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS