CVE-2026-11426
CVE-2026-11426 concerns the UnderConstructionPage PRO plugin for WordPress. The vulnerability, present in all versions up to 5.76, allows Arbitrary File Read via the template_thumbnail parameter, where local file paths are copied into a publicly accessible uploads file. This permits authenticated...