CVE-2026-9290 in WP User Manager Plugininfo

Zusammenfassung

von MITRE • 06.06.2026

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Wordfence

Reservieren

22.05.2026

Veröffentlichung

06.06.2026

Moderieren

akzeptiert

Eintrag

VDB-369027

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00447

KEV

nein

Aktivitäten

low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9290
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9290
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9290/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!