Is PHP affected by EUVD-2026-13920?

Organizations using for WordPress is vulnerable to arbitrary file read via path traversal in all should be aware of moderate risk from CVE-2026-3474, a path traversal vulnerability rated CVSS 4.9. This could allow unauthorized file access.

EUVD-2026-13920

| CVE-2026-3474 MEDIUM

2026-03-20 Wordfence

4.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 20, 2026 - 23:46 vuln.today

EUVD ID Assigned

Mar 20, 2026 - 23:46 euvd

EUVD-2026-13920

CVE Published

Mar 20, 2026 - 23:25 nvd

MEDIUM 4.9

Description

The EmailKit - Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 1.6.3. This is due to the action() function in the TemplateData class passing user-supplied input from the 'emailkit-editor-template' REST API parameter directly to file_get_contents() without any path validation, sanitization, or restriction to an allowed directory. This makes it possible for authenticated attackers, with Administrator-level access, to read arbitrary files on the server (such as /etc/passwd or wp-config.php) by supplying a traversal path. The file contents are stored as post meta and can subsequently be retrieved via the fetch-data REST API endpoint. Notably, the CheckForm class in the same plugin implements proper path validation using realpath() and directory restriction, demonstrating that the developer was aware of the risk but failed to apply the same protections to the TemplateData endpoint.

Analysis

The EmailKit - Email Customizer for WooCommerce & WP WordPress plugin contains a path traversal vulnerability in the TemplateData class that allows authenticated administrators to read arbitrary files from the server via the 'emailkit-editor-template' REST API parameter. An attacker with Administrator privileges can exploit this flaw to access sensitive files such as wp-config.php or /etc/passwd by supplying directory traversal sequences, with the retrieved file contents stored as post metadata and retrievable through the fetch-data REST API endpoint. …

Remediation

Within 30 days: Identify affected systems running for WordPress is vulnerable to arbitrary file read via path and apply vendor patches as part of regular patch cycle. Review file handling controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +24

POC: 0

EUVD-2026-13920 vulnerability details – vuln.today

Back

EUVD-2026-13920

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-13920

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code