CVE-2026-1542

NONE EPSS 0.10%

Feb 28, 2026

Updated Feb 28, 2026

WordPress

Parameter	Value
Vendor	WordPress
Public PoC	No

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

References 1

https://wpscan.com/vulnerability/d6e3041f-62e8-49ba-8806-59a1c07ec43d/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6439

WordPress

4.4

CVE-2026-6451

WordPress

4.3

CVE-2026-40308

WordPress

8.8

CVE-2026-3830

Unknown

None

CVE-2026-5809

WordPress

7.1

CVE Details

CVE ID

CVE-2026-1542

Published Date

Feb 28, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.10%

Likelihood of exploitation in next 30 days

Percentile: 27.5th percentile (higher than 27.5% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-1542

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Menu

CVE-2026-1542

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Stay informed on cybersecurity