CVE Catalog

CVE-2026-56053

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

PHP Object Injection vulnerability in EventPrime plugin versions up to 4.3.4.1 allows subscribers to inject malicious PHP objects. This can lead to remote code execution or other unauthorized actions on the server.

Risk Assessment

The risk includes potential takeover of the WordPress site by an authenticated user with subscriber role, which may result in data theft, content modification, or further attacks on the infrastructure.

Recommendation

It is recommended to immediately update the EventPrime plugin to version 4.3.4.2 or later, which includes a fix for the vulnerability. Also, limit subscriber privileges to the minimum necessary for site operation.

Original NVD description (English source)

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS