We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2026-1969

CVE-2026-1969

WordPress

Severity: MEDIUM
CVSS: 5.3CVSS
Published: 2026-03-23
Last modified: 2026-03-23
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-434

Description

The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448

References

https://wpscan.com/vulnerability/762530ae-80a5-4ff8-9725-6adab9498c33/

Summary

Description

References