Cyber Resilience

CVE-2026-32414

High · RCE

Published: 13 March 2026

Modified: 22 April 2026
KEV Added: not listed
CVSS v3.1 Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (20.5th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-32414 is a high-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 20.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32414 is an Improper Control of Generation of Code ('Code Injection') vulnerability, classified under CWE-94, in the Advanced Woo Labels WordPress plugin developed by ILLID. The flaw allows Remote Code Inclusion and affects the advanced-woo-labels plugin in all versions from n/a through 2.36 inclusive. Published on 2026-03-13, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Exploitation requires network access and high privileges (PR:H), such as those held by an authenticated administrator, with low attack complexity and no user interaction needed. In practice this limits the exposure to compromised or malicious high-privilege accounts, but a successful attack yields remote code execution with full impact on confidentiality, integrity, and availability (C:H/I:H/A:H) of the targeted WordPress site.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/advanced-woo-labels/vulnerability/wordpress-advanced-woo-labels-plugin-2-36-remote-code-execution-rce-vulnerability?_s_id=cve describes this remote code execution vulnerability in Advanced Woo Labels 2.36 and recommends updating to a patched version beyond 2.36.


Vulnerability details

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion. This issue affects Advanced Woo Labels: from n/a through <= 2.36.

CWE(s): CWE-94 Improper Control of Generation of Code ('Code Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

RCE via code injection in a public-facing WordPress plugin maps directly to exploitation of a public-facing application (T1190) and to the subsequent arbitrary command execution on the Unix-hosted server (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-29955 (shared CWE-94)
CVE-2024-55964 (shared CWE-94)
CVE-2026-20045 (shared CWE-94)
CVE-2025-67038 (shared CWE-94)
CVE-2024-23921 (shared CWE-94)
CVE-2024-53944 (shared CWE-94)
CVE-2024-44722 (shared CWE-94)
CVE-2026-25001 (shared CWE-94)
CVE-2025-25680 (shared CWE-94)
CVE-2026-43680 (shared CWE-94)

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · SI-2 (Flaw Remediation): Directly eliminates the code-injection flaw by requiring the plugin to be updated beyond version 2.36.

prevent · SI-10 (Information Input Validation): Enforces validation of all input used to generate or include code, blocking the CWE-94 Remote Code Inclusion path.

prevent: Restricts the high-privilege (admin) accounts that can reach the vulnerable label-generation functions, reducing the attack surface.
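As a defender's check for the flaw-remediation control above, the following script decides whether an installed advanced-woo-labels version is still inside the affected range (through 2.36 inclusive). It is an added example, not code from the advisory, ILLID, or this page's tooling; the `wp` (WP-CLI) command, the site path, and dotted-integer version strings are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory, the plugin vendor, or this page's
# tooling): a defender-side check for whether an installed advanced-woo-labels
# version falls inside the affected range stated above, i.e. every version
# through 2.36 inclusive. Version strings are assumed to be dotted integers
# (2.4, 2.36, 2.36.1); pre-release suffixes are not handled.

PLUGIN_SLUG="advanced-woo-labels"
AFFECTED_MAX="2.36"   # highest affected version per CVE-2026-32414

# version_le A B: exit 0 when version A <= version B, comparing each dotted
# component numerically. A plain string compare would get this wrong:
# "2.4" sorts after "2.36" as text but is the older release.
version_le() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}            # leading component of each
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        ah=${ah:-0}; bh=${bh:-0}            # missing component counts as 0
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
    done
    return 0                                 # all components equal
}

# is_affected VERSION: exit 0 when VERSION <= 2.36 (still vulnerable).
is_affected() {
    version_le "$1" "$AFFECTED_MAX"
}

# check_site WP_PATH: read the installed version with WP-CLI (assumed to be
# on PATH as `wp`) and report. Exit 0 = fixed version, 1 = affected,
# 2 = plugin not installed or WP-CLI unavailable.
check_site() {
    installed=$(wp plugin get "$PLUGIN_SLUG" --path="$1" --field=version 2>/dev/null) || return 2
    if is_affected "$installed"; then
        echo "$PLUGIN_SLUG $installed at $1: AFFECTED (<= $AFFECTED_MAX), update required"
        return 1
    fi
    echo "$PLUGIN_SLUG $installed at $1: not in affected range"
}

# Usage on a live site (hypothetical path): check_site /var/www/html
```

Run it against each WordPress install on a host and treat exit status 1 as a finding to remediate by updating the plugin.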
