Screenshot of BaseFortify CVE report page showing CVE-2026-4001 details, including description of remote code execution via eval(), CVSS score of 9.8, and affected WooCommerce plugin.

Technical details:

• CWE-95: eval() injection
• User input passed to PHP eval()
• No proper sanitization/escaping
• Works without authentication

Impact: Full server takeover

#Vulnerability #InfoSec #WordPressSecurity #CWE95