HIGH
Magentech
CVE published 2026-05-26
CVE-2026-39661
A PHP Local File Inclusion (LFI) vulnerability exists in Magentech SW Core, a WordPress plugin component. The vulnerability stems from improper control of filenames in include/require statements (CWE-98), allowing attackers with low privileges to include local files via network access. Affected versions span from initial release through 1.7.18. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) ind [truncated]