PT-2026-22463 · WordPress · Super Stage Wp

Published

2026-02-28

Updated

2026-02-28

CVE-2026-1542

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Super Stage WP WordPress plugin versions through 1.0.1

Description The software allows unauthenticated users to perform PHP Object Injection. This is possible because the software unserializes user input via REQUEST when a suitable gadget is present. The issue could allow for malicious code execution.

Recommendations Update the Super Stage WP WordPress plugin to a version later than 1.0.1.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2026-1542

Affected Products

Super Stage Wp

PT-2026-22463 · WordPress · Super Stage Wp

CVE-2026-1542

Weakness Enumeration

Related Identifiers

Affected Products

References · 6