HIGH
premmerce
CVE published 2026-06-16
CVE-2026-6933
The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution (RCE) due to a missing authorization check in the 'generatePluginHandler' function and unsanitized string substitution in the 'createFromStub' function. This allows authenticated attackers with Subscriber-level access and above to inject arbitrary PHP code, leading to RCE.