CVE-2026-32426 | themelexus Medilazar Core Plugin up to 1.4.7 on WordPress filename control

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability was found in themelexus Medilazar Core Plugin up to 1.4.7 on WordPress. It has been classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is registered as CVE-2026-32426. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-32426 | themelexus Medilazar Core Plugin up to 1.4.7 on WordPress filename control

Post correlati

CVE-2024-22795 | Forescout SecureConnector 11.3.06.0063 Recheck Compliance Status permission

CVE-2024-8244 | Google Go filepath.Walk/filepath.WalkDir toctou

CVE-2024-4359 | Element Pack Elementor Addons Plugin up to 5.7.2 on WordPress path traversal

CVE-2024-11380 | Mini Program API Plugin up to 1.4.5 on WordPress cross site scripting