CVE-2026-6433

Published: Mag 11, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execute arbitrary PHP code on the server.

https://wpscan.com/vulnerability/a0b1c059-e156-4402-ac8d-67…

https://wpscan.com/vulnerability/a0b1c059-e156-4402-ac8d-67f8ad7386cc/

CVE-2026-6433

Description

Iscriviti alla newsletter