CVE-2025-52744 HIGH

CVE-2025-52744: WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Vendor Inpersttion
Product Inpersttion For Theme
Weakness CWE-94 · Code injection
Published February 20, 2026
Last update April 28, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.

Explanation of Vulnerability in Simple Terms

02Summary

Inpersttion For Theme versions 1.0 and earlier contain a code injection vulnerability that allows authenticated users with low privileges to inject and execute arbitrary code on the site. The vulnerability has a high attack complexity requirement and affects confidentiality, integrity, and availability. The scope is changed, meaning the impact may extend beyond the vulnerable component itself.

What an attacker can do

03Attacker Capabilities

Inject and execute arbitrary code on the site with the privileges of an authenticated user.

Potential impact on your site

04Site Impact

An authenticated user can run malicious code on your site, potentially compromising data, modifying content, or affecting site availability.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege authenticated account; high attack complexity suggests specific conditions must be met.

Key dates

06Disclosure timeline

February 20, 2026 CVE published
April 28, 2026 Record updated