Local File Inclusion Vulnerability in SeedProd Pro by SeedProd LLC
CVE-2026-48972

7.5HIGH

Key Information:

Vendor: WordPress
Status: Seedprod Pro
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-48972?

A vulnerability in SeedProd Pro has been identified, allowing improper control during file inclusion within PHP applications. This flaw enables unauthorized access to local files, which can lead to the exposure of sensitive data. The issue is specifically present in SeedProd Pro versions prior to 6.19.5. It is crucial for users of this plugin to apply necessary updates to safeguard their applications from potential exploitation.

Affected Version(s)

SeedProd Pro < 6.19.5

References

https://patchstack.com/database/wordpress/plugin/seedprod...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 26, 2026

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2026-48972 Data

JSON

WordPress

What is CVE-2026-48972?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit