ByteOS Network

NVD Vulnerability Details :

CVE-2026-6433

Received

Source-contact@wpscan.com

Published At-11 May, 2026 | 06:16

Updated At-11 May, 2026 | 06:16

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execute arbitrary PHP code on the server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

References

Hyperlink	Source	Resource
https://wpscan.com/vulnerability/a0b1c059-e156-4402-ac8d-67f8ad7386cc/	contact@wpscan.com	N/A

Hyperlink: https://wpscan.com/vulnerability/a0b1c059-e156-4402-ac8d-67f8ad7386cc/

Source: contact@wpscan.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History