PT-2026-55863 · WordPress · Notifications For Forms & Wordpress Actions

Project Black

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2024-6228

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Notifications for Forms & WordPress Actions versions prior to 2.6
Description Authenticated users with subscriber-level access and above can include and execute arbitrary local PHP files on the server. This occurs because the plugin fails to validate a user-supplied value used to construct a server-side file inclusion path. Server-side file inclusion is a flaw that allows an attacker to force the application to include a file from the local file system.
Recommendations Update to version 2.6 or later.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2024-6228

Affected Products

Notifications For Forms & Wordpress Actions