CVE-2024-6228
WANotifier < 2.6 - Subscriber+ LFI
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on the server.
| Vendor | unknown |
| Product | notifications for forms & wordpress actions |
| Published | Jul 6, 2026 |
| Last Updated | Jul 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown notifications for forms & wordpress actions
Be the first to know when new high vulnerabilities affecting unknown notifications for forms & wordpress actions are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Notifications for Forms & WordPress Actions
0 < 2.6
References
Credits
Project Black WPScan