Platform: wordpress
Component: formgent
Fixed in: 1.7.1
CVE-2026-22460 describes an Arbitrary File Access vulnerability within the wpWax FormGent WordPress plugin. This flaw allows attackers to potentially read sensitive files on the server by manipulating file paths. The vulnerability impacts versions from 0.0.0 up to and including 1.7.0. A patch is expected to address this issue.
The Arbitrary File Access vulnerability in FormGent allows an attacker to bypass intended access controls and read arbitrary files on the server. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress site and potentially the underlying server. While the vulnerability description doesn't detail specific attack vectors, the path traversal nature suggests attackers could leverage specially crafted requests to access files outside the intended directory.
CVE-2026-22460 was publicly disclosed on 2026-03-05. As of this writing, no public proof-of-concept exploits are known. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation, but the HIGH CVSS score suggests a potential for exploitation if a readily available exploit is developed.
WordPress websites utilizing the wpWax FormGent plugin, particularly those running versions 0.0.0 through 1.7.0, are at risk. Shared hosting environments where server file permissions are less restrictive are especially vulnerable. Sites with sensitive data stored in configuration files or accessible via the web server are also at higher risk.
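• wordpress / composer / npm:
grep -rF '../' /var/www/html/wp-content/plugins/formgent/* # -F matches '../' literally; without it each '.' is a regex wildcard
• generic web:
curl -I --path-as-is 'https://your-wordpress-site.com/wp-content/plugins/formgent/../../../../etc/passwd' # Check for file disclosure; --path-as-is stops curl from collapsing the ../ segments before sending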
Exploit status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22460 is to upgrade to a patched version of FormGent as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. These may include restricting file access permissions on the server, implementing a Web Application Firewall (WAF) rule to block suspicious path traversal attempts (e.g., requests containing '../' sequences), and carefully reviewing FormGent's configuration for any potential vulnerabilities. Monitor WordPress logs for unusual file access patterns.
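The log monitoring suggested above, as an added example that is not part of the original advisory or the plugin's code: it scans access-log lines for `../` segments, including percent-encoded and double-encoded forms, in requests that mention the plugin path. The combined log format, the `formgent` marker and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# A ".." path segment bounded by a slash, backslash, "=" or the string ends.
TRAVERSAL = re.compile(r"(^|[/\\=])\.\.([/\\]|$)")
# Client IP, method, request target and status of a combined-format log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(lines, marker="formgent"):
    """Return (ip, status, raw_target) for requests whose decoded target
    contains `marker` and a traversal segment. marker="" checks every request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        decoded = decode_fully(target)
        if marker in decoded.lower() and TRAVERSAL.search(decoded):
            hits.append((ip, int(status), target))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
TS = "[05/Mar/2026:10:00:00 +0000]"
P = "/wp-content/plugins/formgent"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET {P}/readme..txt HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET {P}/../../../../etc/passwd HTTP/1.1" 404 162',
    f'198.51.100.7 - - {TS} "GET {P}/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 403 153',
    f'203.0.113.44 - - {TS} "GET {P}/%252e%252e%252fetc/passwd HTTP/1.1" 200 1843',
    f'203.0.113.9 - - {TS} "GET /static/../index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, status, target in find_traversal(SAMPLE_LOG):
        print(f"{status} {ip} {target}")
```

A hit with a 200 status deserves review first, since 403 and 404 responses indicate the request was refused or found nothing.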
No known patch available. Please review the vulnerability details in depth and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
CVE-2026-22460 is a HIGH severity vulnerability in wpWax FormGent allowing attackers to read arbitrary files on a WordPress server due to improper path validation.
You are affected if you are using wpWax FormGent versions 0.0.0 through 1.7.0. Upgrade as soon as a patch is available.
Upgrade to a patched version of FormGent. Until a patch is released, implement temporary workarounds like WAF rules and restricted file permissions.
As of the disclosure date, there are no known active exploits, but monitoring is recommended.
Check the wpWax website and WordPress plugin repository for updates and advisories related to CVE-2026-22460.