CVE-2026-39655

CVE-2026-39655 applies to WordPress Mayosis Core plugin, affected through version 5.4.7. The issue is described as a Missing Authorization (Broken Access Control) vulnerability in TeconceTheme Mayosis Core, allowing exploitation due to incorrectly configured access control security levels. CVSS v...

CVE-2025-1565

The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remotedl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVE-2025-1565

CVE-2025-1565 concerns the Mayosis Core WordPress plugin (versions ≤ 5.4.1). An Arbitrary File Read via library/wave-audio/peaks/remote_dl.php allows unauthenticated attackers to read server files containing sensitive data. Public advisories from Red Hat, NVD, CVE listings, and Patchstack corrobo...

PT-2025-17897 · WordPress · Mayosis Core

Name of the Vulnerable Software and Affected Versions: Mayosis Core plugin for WordPress versions up to, and including, 5.4.1 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, via the...