CVE-2026-9290

EPSS 2.4%
Veröffentlicht 05.06.2026 23:28:26
Zuletzt bearbeitet 08.06.2026 14:57:14
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerwpusermanager

≫

Produkt WP User Manager – User Profile Builder & Membership

Default Statusunaffected

Version <= 2.9.17

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.4%	0.819

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5e08d8-c6ef-42a3-9599-28c3bfb35017?source=cve

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/templates/profile.php#L52

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/vendor-dist/gamajo/template-loader/class-gamajo-template-loader.php#L226

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/includes/functions.php#L955

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/vendor-dist/brain/cortex/src/Cortex/Router/Router.php#L183

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.17/includes/permalinks.php#L133

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/templates/profile.php#L52

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/vendor-dist/gamajo/template-loader/class-gamajo-template-loader.php#L226

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/includes/functions.php#L955

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/vendor-dist/brain/cortex/src/Cortex/Router/Router.php#L183

https://plugins.trac.wordpress.org/browser/wp-user-manager/tags/2.9.15/includes/permalinks.php#L133

https://github.com/WPUserManager/wp-user-manager/pull/445

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3554574%40wp-user-manager&new=3554574%40wp-user-manager&sfp_email=&sfph_mail=

https://nvd.nist.gov/vuln/detail/CVE-2026-9290

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-9290

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-9290

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-9290