CVE Catalog

CVE-2026-57700

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.

Risk Assessment

An attacker can upload a malicious file (e.g., PHP script) and execute it on the server, leading to site takeover, data theft, or further attack propagation.

Recommendation

Immediately update the OMGF Pro plugin to a version newer than 5.2.6 once the vendor releases a patch. Until then, restrict access to the WordPress admin panel.

Original NVD description (English source)

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS