CVE-2026-1542
Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection
CVSS Score
6.5
EPSS Score
0.1%
EPSS Percentile
28th
The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
| Vendor | unknown |
| Product | super stage wp |
| Published | Feb 28, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown super stage wp
Be the first to know when new medium vulnerabilities affecting unknown super stage wp are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Unknown / Super Stage WP
0 ≤ 1.0.1
References
Credits
yiğit ibrahim sağlam WPScan