CVE-2026-27436

Critical · CVSS 9.1

Summary

The Five Star Business Profile and Schema WordPress plugin, versions 2.3.19 and earlier, contains an Editor arbitrary code execution vulnerability. An attacker can exploit this flaw to gain full control over the website.

Risk Assessment

The risk for the organization includes complete compromise of the WordPress site, data theft, and the potential to distribute malware to visitors.

Recommendation

Immediately update the Five Star Business Profile and Schema plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS