CVE-2026-4328 | addonspress Advanced Import Plugin up to 1.4.6 on WordPress AJAX wp_remote_get demo_file server-side request forgery

Inserito da Angelo Barbosa | Giu 19, 2026 | CVE

A vulnerability was found in addonspress Advanced Import Plugin up to 1.4.6 on WordPress. It has been declared as critical. This affects the function wp_remote_get of the component AJAX Handler. The manipulation of the argument demo_file results in server-side request forgery.

This vulnerability is identified as CVE-2026-4328. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-4328 | addonspress Advanced Import Plugin up to 1.4.6 on WordPress AJAX wp_remote_get demo_file server-side request forgery

Post correlati

CVE-2025-52546 | Copeland LP E3 Supervisory Control up to 2.31F00 Floor Plan unrestricted upload

CVE-2025-13648 | Microcom ZeusWeb 6.1.31 My Account Page Name/Surname cross site scripting

CVE-2026-21643 | Fortinet FortiClientEMS 7.4.4 sql injection (FG-IR-25-1142)

CVE-2024-1961 | vertaai modeldb File Upload artifact_path path traversal