CVE Catalog

CVE-2026-57346

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Embed Privacy plugin for WordPress contains a path traversal vulnerability that allows an attacker to access files outside the restricted directory. The issue affects versions from 1.0.0 through 1.12.3.

Risk Assessment

An attacker can read sensitive files on the server, such as database configuration or system files, potentially leading to data leakage and further compromise.

Recommendation

Immediately update the Embed Privacy plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS