CVE-2026-11367 | andrasweb PixMagix Plugin up to 1.7.2 on WordPress REST Endpoint copy layers[].id path traversal

Inserito da Angelo Barbosa | Giu 30, 2026 | CVE

A vulnerability, which was classified as critical, was found in andrasweb PixMagix Plugin up to 1.7.2 on WordPress. Affected by this issue is the function copy of the component REST Endpoint. Executing a manipulation of the argument layers[].id can lead to path traversal.

This vulnerability is tracked as CVE-2026-11367. The attack can be launched remotely. No exploit exists.

CVE-2026-11367 | andrasweb PixMagix Plugin up to 1.7.2 on WordPress REST Endpoint copy layers[].id path traversal

Post correlati

CVE-2024-10285 | ce21com CE21 Suite Plugin up to 2.2.0 on WordPress plugin-log.txt information disclosure

CVE-2024-34671 | Samsung Internet up to 26.0.3.0 Translation implicit intent

CVE-2024-5451 | The7 Plugin up to 11.13.0 on WordPress URL Attribute cross site scripting

CVE-2026-30616 | Jaaz 1.0.30 MCP STDIO Command privilege escalation