CVE Catalog
CVE-2026-56055
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.39%
31th percentile — higher than 31% of all known CVEs
Summary
PHP Object Injection vulnerability in RealHomes plugin versions up to 4.5.3 allows an attacker with subscriber role to inject a malicious PHP object. This can lead to remote code execution or other unauthorized actions on the server.
Risk Assessment
The risk for the organization includes potential server takeover, data theft, or website disruption, especially if the attacker has a subscriber account.
Recommendation
It is recommended to immediately update the RealHomes plugin to version 4.5.4 or later, which fixes this vulnerability. Also, limit user account privileges to the minimum necessary.
Original NVD description (English source)
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.

