Loading market data...
← Back to CVE feed

CVE-2026-9062

UNKNOWN View on NVD ↗

Description

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys.

Published: Jun 13, 2026 07:16 UTC Modified: Jun 13, 2026 07:16 UTC