CVE Catalog

CVE-2026-56055

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

PHP Object Injection vulnerability in RealHomes plugin versions up to 4.5.3 allows an attacker with subscriber role to inject a malicious PHP object. This can lead to remote code execution or other unauthorized actions on the server.

Risk Assessment

The risk for the organization includes potential server takeover, data theft, or website disruption, especially if the attacker has a subscriber account.

Recommendation

It is recommended to immediately update the RealHomes plugin to version 4.5.4 or later, which fixes this vulnerability. Also, limit user account privileges to the minimum necessary.

Original NVD description (English source)

Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS