CVE Catalog
CVE-2026-57346
HighCVSS 7.1Summary
The Embed Privacy plugin for WordPress contains a path traversal vulnerability that allows an attacker to access files outside the restricted directory. The issue affects versions from 1.0.0 through 1.12.3.
Risk Assessment
An attacker can read sensitive files on the server, such as database configuration or system files, potentially leading to data leakage and further compromise.
Recommendation
Immediately update the Embed Privacy plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3.

