WordPress Plugin Arbitrary File Upload Vulnerability Allows Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

WordPress Plugin Arbitrary File Upload Vulnerability Allows Unauthorized Access

ECHO-4471-00bd-faf3

Summary

A security issue in a WordPress plugin allows attackers to upload any file to a WordPress site, potentially leading to unauthorized access or data tampering. This affects websites using the vulnerable plugin, which could result in sensitive data exposure or site compromise. Update the plugin to the latest version or remove and replace it to prevent potential issues.

What to do

Update openssl to version 3.0.19-1~deb12u2.

Affected software

Vendor	Product	Affected versions	Fix available
–	openssl	<= 3.0.19-1~deb12u2	3.0.19-1~deb12u2

Original title

ECHO-4471-00bd-faf3

https://advisory.echohq.com/cve/CVE-2026-28388 URL

Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026