๐Ÿ” CVE Alert

CVE-2024-6228

HIGH 7.5

WANotifier < 2.6 - Subscriber+ LFI

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on the server.

Vendor unknown
Product notifications for forms & wordpress actions
Published Jul 6, 2026
Last Updated Jul 6, 2026
Stay Ahead of the Next One

Get instant alerts for unknown notifications for forms & wordpress actions

Be the first to know when new high vulnerabilities affecting unknown notifications for forms & wordpress actions are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Notifications for Forms & WordPress Actions
0 < 2.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/6382bfea-6265-4f4b-b26e-4219d9ed78aa/

Credits

Project Black WPScan