CVE-2026-57647
HighCVSS 7.5Summary
The Panorama Viewer – 360 Degree Image + Video Viewer plugin version 1.6.1 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by contributors. This allows an attacker with contributor privileges to read sensitive files on the server.
Risk Assessment
The risk involves potential leakage of confidential data, such as configuration files or passwords, which could lead to further attack escalation.
Recommendation
Immediately update the plugin to the latest available version that fixes this vulnerability. If an update is not possible, restrict contributor permissions or temporarily disable the plugin.
Original NVD description (English source)
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

