A vulnerability, which was classified as problematic, was found in WebFactory Under Construction Page Plugin up to 5.76 on WordPress. This issue affects some unknown processing of the component Template. Executing a manipulation of the argument template_thumbnail can lead to path traversal.

This vulnerability is tracked as CVE-2026-11426. The attack can be launched remotely. No exploit exists.