PT-2026-55863 · WordPress · Notifications For Forms & Wordpress Actions
Project Black
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2024-6228
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Notifications for Forms & WordPress Actions versions prior to 2.6
Description
Authenticated users with subscriber-level access and above can include and execute arbitrary local PHP files on the server. This occurs because the plugin fails to validate a user-supplied value used to construct a server-side file inclusion path. Server-side file inclusion is a flaw that allows an attacker to force the application to include a file from the local file system.
Recommendations
Update to version 2.6 or later.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Notifications For Forms & Wordpress Actions