PatchSiren

wpazleen CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH wpazleen CVE published 2026-07-10

CVE-2026-13430

The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.13.1 via the import_media_file_secure function. This is due to insufficient file extension validation caused by a trailing-dot filename bypass. The vulnerability allows attackers to upload files that may be executable, which makes remote code execution possible. The vulnera [truncated]