Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Super Stage WP WordPress plugin allows unauthenticated PHP code execution
CVE-2026-1542
Summary
The Super Stage WP WordPress plugin, version 1.0.1, does not properly check user input. This makes it possible for anyone to execute malicious PHP code on your website without needing a password. Update the plugin to a fixed version to prevent this.
Original title
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on t...
Original description
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
nvd CVSS3.1
6.5
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 28 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026