PatchSiren

SeedProd LLC CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH SeedProd LLC CVE published 2026-05-27

CVE-2026-48972

A PHP Local File Inclusion (LFI) vulnerability exists in SeedProd Pro, a WordPress plugin developed by SeedProd LLC. The vulnerability stems from improper control of filenames in include/require statements (CWE-98), allowing attackers with low privileges to include and execute arbitrary local files on the server. This can lead to information disclosure, code execution, or complete system compromise depend [truncated]