Skip to main content

Sw Core

1 CVEs product

Monthly

CVE-2026-39661 HIGH This Week

Local File Inclusion in Magentech SW Core WordPress plugin (versions through 1.7.18) allows authenticated remote attackers to coerce the application into including arbitrary PHP files via improperly validated filename input. Successful exploitation results in disclosure of sensitive server-side files and potential code execution under the web server context. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.11%.

PHP Information Disclosure LFI Sw Core
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in Magentech SW Core WordPress plugin (versions through 1.7.18) allows authenticated remote attackers to coerce the application into including arbitrary PHP files via improperly validated filename input. Successful exploitation results in disclosure of sensitive server-side files and potential code execution under the web server context. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.11%.

PHP Information Disclosure LFI +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy