CVE-2026-40721 | Bdmes Element Pack Pro Plugin up to 9.0.6 on WordPress filename control

SecurityVulns

A vulnerability, which was classified as problematic, has been found in Bdmes Element Pack Pro Plugin up to 9.0.6 on WordPress. Affected is an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability appears as CVE-2026-40721. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More