CVE-2026-1542

MEDIUM

Super Stage WP WordPress Plugin <1.0.1 - Deserialization

Title source: llm

Description

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

References (1)

[Third Party Advisory] https://wpscan.com/vulnerability/d6e3041f-62e8-49ba-8806-59a1c07ec43d/

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 27.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-502

Status published

Products (2)

None/Super Stage WP < 1.0.1

Unknown/Super Stage WP < 1.0.1

Published Feb 28, 2026

Tracked Since Feb 28, 2026