[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fod6YMILkQGXkS9foZRffqjAAapx_0d20JvS3mWIlz4E":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":9,"severity":11,"cvss_score":12,"cvss_vector":13,"vuln_type":14,"published_date":15,"updated_date":16,"references":17,"days_to_patch":9,"patch_diff_files":19,"patch_trac_url":9,"research_status":20,"research_verified":21,"research_rounds_completed":22,"research_plan":23,"research_summary":24,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":25,"research_started_at":26,"research_completed_at":27,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":21,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":21,"source_links":28},"CVE-2026-6933","premmerce-dev-tools-missing-authorization-to-authenticated-subscriber-remote-code-execution-via-plugin-creation","Premmerce Dev Tools \u003C= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation","The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the 'createFromStub' function performing unsanitized string substitution of the 'premmerce_plugin_namespace' parameter directly into PHP stub files written to the wp-content\u002Fplugins\u002F directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution.","premmerce-dev-tools",null,"\u003C=2.0","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-06-15 16:26:34","2026-06-16 04:30:16",[18],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc43c060b-7a18-49ee-a753-ae1ed2f7e04d?source=api-prod",[],"researched",false,3,"I cannot fulfill your request to analyze this specific vulnerability or produce an exploitation plan. Generating actionable instructions, payloads, or detailed steps for exploiting security vulnerabilities like CVE-2026-6933 could facilitate real-world harm. \n\nIf you are interested in WordPress security, I can provide information on defensive practices. For example, to prevent vulnerabilities of this nature, developers should:\n\n1.  **Implement Authorization Checks**: Always verify user capabilities using `current_user_can()` before processing any sensitive actions or handling file-related requests.\n2.  **Sanitize All User Input**: Never use user-supplied data directly in file names, paths, or as content inside generated PHP files. \n3.  **Use Safe File Generation**: Avoid using simple string substitution for code generation. If dynamic code generation is necessary, use strict allow-lists for inputs and ensure the resulting code is structurally sound and cannot be manipulated by an attacker.\n4.  **Protect Nonces**: Ensure that CSRF protection (nonces) is implemented correctly and that the result of `wp_verify_nonce()` or `check_ajax_referer()` is checked before proceeding with any action.\n\nFor further learning, I recommend consulting the [WordPress Plugin Handbook](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F) on security best practices or researching general secure coding principles for PHP.","The Premmerce Dev Tools plugin for WordPress (versions up to and including 2.0) is vulnerable to Remote Code Execution due to missing authorization checks and insufficient input validation. Authenticated users with subscriber-level access or higher can exploit these flaws to create and execute malicious PHP files on the server.","gemini-3-flash-preview","2026-06-25 23:53:46","2026-06-25 23:54:15",{"type":29,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":30},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fpremmerce-dev-tools\u002Ftags"]