CVE-2026-9062

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-9062

Affected Products

Undefined

CVE-2026-9062

Related Identifiers

Affected Products

References · 2