CRITICAL
WP User Manager
CVE published 2026-06-15
CVE-2026-49766
CVE-2026-49766 is a critical vulnerability in the WP User Manager plugin for WordPress, affecting versions up to and including 2.9.16. It allows a user with only subscriber-level access to delete arbitrary files on the server, which can lead to data loss, defacement, or even code execution if sensitive files are targeted.