CVE Catalog
CVE-2026-27436
CriticalCVSS 9.1Summary
The Five Star Business Profile and Schema WordPress plugin version 2.3.19 and earlier contains an editor arbitrary code execution vulnerability. An attacker can exploit this flaw to gain full control over the website.
Risk Assessment
The risk for the organization includes complete compromise of the WordPress site, data theft, and the potential to distribute malware to visitors.
Recommendation
Immediately update the Five Star Business Profile and Schema plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

