CVE-2026-22372 | AncoraThemes Isida Plugin up to 1.4.2 on WordPress filename control

Inserito da Angelo Barbosa | Feb 20, 2026 | CVE

A vulnerability classified as critical has been found in AncoraThemes Isida Plugin up to 1.4.2 on WordPress. Impacted is an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability appears as CVE-2026-22372. The attack may be initiated remotely. There is no available exploit.

CVE-2026-22372 | AncoraThemes Isida Plugin up to 1.4.2 on WordPress filename control

Post correlati

CVE-2024-36550 | idcCMS 1.35 vpsCompany_deal.php cross-site request forgery

CVE-2024-3366 | Xuxueli xxl-job up to 2.4.1 Template JdkSerializeTool.java deserialize injection (Issue 3391)

CVE-2025-5417 | Red Hat Developer Hub rhdh-hub-rhel9 privileges assignment

CVE-2024-28777 | IBM Cognos Controller/Controller deserialization