CVE-2026-56053
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
PHP Object Injection vulnerability in EventPrime plugin versions up to 4.3.4.1 allows subscribers to inject malicious PHP objects. This can lead to remote code execution or other unauthorized actions on the server.
Risk Assessment
The risk includes potential takeover of the WordPress site by an authenticated user with subscriber role, which may result in data theft, content modification, or further attacks on the infrastructure.
Recommendation
It is recommended to immediately update the EventPrime plugin to version 4.3.4.2 or later, which includes a fix for the vulnerability. Also, limit subscriber privileges to the minimum necessary for site operation.
Original NVD description (English source)
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

