CVE Catalog
CVE-2026-27414
HighCVSS 8.8Summary
The Werkstatt plugin for WordPress versions 4.8.3 and earlier contains a PHP Object Injection vulnerability via the contributor mechanism. This allows an attacker to inject malicious objects, potentially leading to remote code execution.
Risk Assessment
The risk includes potential takeover of the WordPress site, data theft, or server compromise by an attacker with contributor privileges.
Recommendation
Immediately update the Werkstatt plugin to version 4.8.4 or later, which fixes this vulnerability.
Original NVD description (English source)
Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

