CVE-2026-39558 | Elated-mes Malmö Plugin up to 2.2 on WordPress filename control

SecurityVulns

A vulnerability described as problematic has been identified in Elated-mes Malmö Plugin up to 2.2 on WordPress. The impacted element is an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is registered as CVE-2026-39558. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More