Unauthenticated Path Traversal Vulnerability in FastDup Product by WordPress
CVE-2026-52703

9.6CRITICAL

Key Information:

Vendor: WordPress
Status: Fastdup
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-52703?

The FastDup plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit path traversal issues in versions up to 2.7.2. This flaw might enable the unauthorized access of files within the server, posing a substantial risk to the security of the web application and potentially exposing sensitive information.

Affected Version(s)

FastDup <= 2.7.2

References

https://patchstack.com/database/wordpress/plugin/fastdup/...

vdb-entry

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

R2D2 | Patchstack Bug Bounty Program

CVE-2026-52703 Data

JSON