Skip to main content

Softlab Core

1 CVEs product

Monthly

CVE-2026-34895 HIGH PATCH This Week

Unauthenticated local file inclusion in Softlab Core WordPress plugin versions before 1.2.11 allows remote attackers to read or include arbitrary local files on the server, potentially leading to sensitive information disclosure or remote code execution if attacker-controlled content can be reached. The flaw is reported by Patchstack and tagged as PHP/LFI affecting the WebGeniusLab Softlab Core plugin used in WordPress deployments. No public exploit identified at time of analysis, though the unauthenticated nature and high CVSS impact warrant prompt patching.

PHP Information Disclosure LFI Softlab Core
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Unauthenticated local file inclusion in Softlab Core WordPress plugin versions before 1.2.11 allows remote attackers to read or include arbitrary local files on the server, potentially leading to sensitive information disclosure or remote code execution if attacker-controlled content can be reached. The flaw is reported by Patchstack and tagged as PHP/LFI affecting the WebGeniusLab Softlab Core plugin used in WordPress deployments. No public exploit identified at time of analysis, though the unauthenticated nature and high CVSS impact warrant prompt patching.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy