CVE-2026-1620 | Livemesh Livemesh Addons by Elementor Plugin up to 9.0 on WordPress Template Name lae_get_template_part filename control

Inserito da Angelo Barbosa | Apr 16, 2026 | CVE

A vulnerability was found in Livemesh Livemesh Addons by Elementor Plugin up to 9.0 on WordPress. It has been classified as critical. Impacted is the function lae_get_template_part of the component Template Name Handler. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2026-1620. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-1620 | Livemesh Livemesh Addons by Elementor Plugin up to 9.0 on WordPress Template Name lae_get_template_part filename control

Post correlati

CVE-2024-53702 | SonicWall SMA100 up to 10.2.1.13-72sv weak prng (SNWLID-2024-0018)

CVE-2024-12636 | Privacy Policy Generator, Terms & Conditions Generator Plugin cross-site request forgery

CVE-2024-1384 | Premium Portfolio Features for Phlox Theme up to 2.3.3 on WordPress cross site scripting

CVE-2024-9329 | Eclipse Glassfish up to 7.0.16 /management/domain Host parameters