CVE-2026-56055
published 2026-06-26CVE-2026-56055: Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.39%
30.9th percentile
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inspirythemes | realhomes | n/a – 4.5.3 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Inspirymes RealHomes Plugin up to 4.5.3 on WordPress deserialization (EUVD-2026-39710)
vuldb·2026-06-28·CVSS 8.8
CVE-2026-56055 [HIGH] Inspirymes RealHomes Plugin up to 4.5.3 on WordPress deserialization (EUVD-2026-39710)
A vulnerability was found in Inspirymes RealHomes Plugin up to 4.5.3 on WordPress and classified as critical. Affected by this issue is some unknown functionality. Such manipulation leads to deserialization.
This vulnerability is referenced as CVE-2026-56055. It is possible to launch the attack remotely. No exploit is available.
GHSA
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
ghsa_unreviewed·2026-06-26
CVE-2026-56055 [HIGH] CWE-502 Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-26
Published