Medilazar Core

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-32426 HIGH This Week

A PHP remote file inclusion vulnerability exists in themelexus Medilazar Core WordPress plugin that allows attackers to include arbitrary PHP files from local or remote sources, potentially leading to remote code execution. The vulnerability affects all versions of Medilazar Core prior to 1.4.7 and requires low privileges but high attack complexity to exploit. While not currently listed in CISA KEV or showing high EPSS scores, the potential for code execution makes this a serious concern for WordPress sites using this medical/healthcare theme framework.

Information Disclosure PHP Lfi Medilazar Core
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-32426
EPSS 0% CVSS 7.5
HIGH This Week

A PHP remote file inclusion vulnerability exists in themelexus Medilazar Core WordPress plugin that allows attackers to include arbitrary PHP files from local or remote sources, potentially leading to remote code execution. The vulnerability affects all versions of Medilazar Core prior to 1.4.7 and requires low privileges but high attack complexity to exploit. While not currently listed in CISA KEV or showing high EPSS scores, the potential for code execution makes this a serious concern for WordPress sites using this medical/healthcare theme framework.

Information Disclosure PHP Lfi +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy