{"uuid": "a5d805f6-d6f4-4845-b8e3-4d78ce063cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-6433", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116554768732916983", "content": "\ud83d\udea8 CRITICAL: CVE-2026-6433 in Custom css-js-php <=2.0.7 enables unauthenticated PHP code execution via flawed input handling. No patch or exploit in the wild yet. Disable/remove plugin now. https://radar.offseq.com/threat/cve-2026-6433-cwe-94-improper-control-of-generatio-3ad54b4b #OffSeq #WordPress #vuln #WebSecurity", "creation_timestamp": "2026-05-11T07:30:41.698016Z"}