CVE-2026-4280 | doctorwp Breaking News WP Plugin up to 1.3 on WordPress AJAX Endpoint include brnwp_theme path traversal

A vulnerability was found in doctorwp Breaking News WP Plugin up to 1.3 on WordPress and classified as critical. This issue affects the function include of the component AJAX Endpoint. The manipulation of the argument brnwp_theme results in path traversal.

This vulnerability is cataloged as CVE-2026-4280. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More