CVE-2026-9062 – Agile Store Locator < 1.6.9 – Admin+ Arbitrary File Read via Path Traversal

CVE ID :CVE-2026-9062

Published : June 13, 2026, 7:16 a.m. | 23 minutes ago

Description :The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9134 – Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel

CVE-2026-9109 – GPTranslate

CVE-2026-9061 – Agile Store Locator < 1.6.9 – Admin+ Stored XSS via logo_name

CVE-2026-11769 – Operator – Namespaced User Path Traversal