FormGent Path Traversal Vulnerability Exposes Sensitive Server Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.6

FormGent Path Traversal Vulnerability Exposes Sensitive Server Files

CVE-2026-22460

Summary

A security issue in FormGent plugins allows an attacker to access sensitive files on the server. This could lead to unauthorized data exposure or even server takeover. Update to version 1.4.3 or later to fix this issue.

Original title

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.4.2.

Original description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.4.2.

Vulnerability type

CWE-22 Path Traversal

https://patchstack.com/database/Wordpress/Plugin/formgent/vulnerability/wordpres...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026