CVE-2026-1542

MEDIUM

Super Stage WP WordPress Plugin <1.0.1 - Deserialization

Title source: llm

Description

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

References (1)

[Third Party Advisory] https://wpscan.com/vulnerability/d6e3041f-62e8-49ba-8806-59a1c07ec43d/

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-502

Status draft

Timeline

Published Feb 28, 2026

Tracked Since Feb 28, 2026