Path Traversal Vulnerability in Epiphyt Embed Privacy Plugin
CVE-2026-57346

7.1HIGH

Key Information:

Vendor: WordPress
Status: Embed Privacy
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-57346?

The Epiphyt Embed Privacy plugin for WordPress is susceptible to a Path Traversal vulnerability that enables attackers to access restricted directories. This exposes sensitive files and can lead to unauthorized data access or modification. It is crucial for users of the affected versions (from n/a through 1.12.3) to implement necessary updates or mitigation strategies to safeguard their web applications. Proper security measures should be taken to prevent exploitation of this vulnerability.

Affected Version(s)

Embed Privacy <= 1.12.3

References

https://patchstack.com/database/wordpress/plugin/embed-pr...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 24, 2026

Credit

daroo | Patchstack Bug Bounty Program

CVE-2026-57346 Data

JSON