A vulnerability categorized as critical has been discovered in Custom css-js-php Plugin up to 2.0.7 on WordPress. This impacts the function
eval. The manipulation results in code injection.
This vulnerability is known as CVE-2026-6433. It is possible to launch the attack remotely. No exploit is available.
