CVE-2026-5957 | roxnor EmailKit Plugin up to 1.6.5 on WordPress templates create_template real_path path traversal

A vulnerability has been found in roxnor EmailKit Plugin up to 1.6.5 on WordPress and classified as critical. This affects the function create_template of the file wp-content/uploads/emailkit/templates/. Performing a manipulation of the argument real_path results in path traversal.

This vulnerability is reported as CVE-2026-5957. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More