VYPR

Nexter Extension – Site Enhancements Toolkit

by WordPress

CVEs (1)

  • CVE-2026-0726HigJan 20, 2026
    risk 0.53cvss 8.1epss 0.00

    The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This makes it possible for unauthenticated…