CVE-2026-2448

Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.33.5

Description The Page Builder by SiteOrigin plugin for WordPress is susceptible to a Local File Inclusion issue. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. The locate template() function is the point of entry for this issue. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or achieving code execution through the inclusion of files, potentially including uploaded images and other file types.

Recommendations Update Page Builder by SiteOrigin to version 2.33.5 or later.