A vulnerability categorized as critical has been discovered in Custom css-js-php Plugin up to 2.0.7 on WordPress. This impacts the function eval . The manipulation results in code injection. This vulnerability is known as CVE-2026-6433 . It is possible to launch the attack remotely. No exploit is available.