CVE-2026-9200 | shazdeh Query Shortcode Plugin up to 0.2.1 on WordPress filename control

A vulnerability marked as problematic has been reported in shazdeh Query Shortcode Plugin up to 0.2.1 on WordPress. This affects an unknown function of the component Shortcode Handler. Performing a manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is identified as CVE-2026-9200. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More