CRITICAL
WPLocker
CVE published 2026-06-17
CVE-2025-60218
A critical vulnerability (CVSS score: 9.9) was discovered in the PT Luxa Addons plugin for WordPress, version 1.2.2 and earlier. This vulnerability allows subscribers to upload arbitrary files, potentially leading to severe consequences, including code execution and data breaches. The vulnerability was made public on June 17, 2026. Users of the affected plugin should take immediate action to mitigate the risk.