Integrio Core
Monthly
Unauthenticated Local File Inclusion in the Integrio Core WordPress plugin (versions prior to 1.2.8) by webgeniuslab allows remote attackers to coerce the PHP application into including arbitrary local files, leading to source code disclosure, sensitive file exposure, and potentially remote code execution when log poisoning or upload primitives are available. The CVSS vector (AV:N/AC:H/PR:N/UI:N) reflects network-reachable, unauthenticated exploitation with high attack complexity, and no public exploit identified at time of analysis. The flaw is tracked by Patchstack and ENISA EUVD (EUVD-2026-37466) with a vendor-released patch in version 1.2.8.
Unauthenticated Local File Inclusion in the Integrio Core WordPress plugin (versions prior to 1.2.8) by webgeniuslab allows remote attackers to coerce the PHP application into including arbitrary local files, leading to source code disclosure, sensitive file exposure, and potentially remote code execution when log poisoning or upload primitives are available. The CVSS vector (AV:N/AC:H/PR:N/UI:N) reflects network-reachable, unauthenticated exploitation with high attack complexity, and no public exploit identified at time of analysis. The flaw is tracked by Patchstack and ENISA EUVD (EUVD-2026-37466) with a vendor-released patch in version 1.2.8.