CVE Catalog

CVE-2026-39591

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

In WP-BusinessDirectory versions <= 4.0.0, there is a vulnerability that allows subscribers to upload arbitrary files.

Risk Assessment

An attacker could exploit this vulnerability to upload malicious files, potentially leading to server takeover or data leakage.

Recommendation

It is recommended to update WP-BusinessDirectory to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS