Logo
Retour à la veille

CVE-2026-6933

Publié : 16 juin 2026
Modifié : 16 juin 2026
Lien officiel NVD
Score CVSS
8.8
HIGH

Description détaillée

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the 'createFromStub' function performing unsanitized string substitution of the 'premmerce_plugin_namespace' parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/Admin/Admin.php#L107https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginData.php#L97https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginGenerator.php#L125https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/Admin/Admin.php#L107https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginData.php#L97https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginGenerator.php#L125https://www.wordfence.com/threat-intel/vulnerabilities/id/c43c060b-7a18-49ee-a753-ae1ed2f7e04d?source=cve

Dernières Vulnérabilités

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

VOIR DÉTAILS

CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.

VOIR DÉTAILS

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

VOIR DÉTAILS