Local File Inclusion Vulnerability in Panorama Viewer by WordPress
CVE-2026-57647

7.5HIGH

Key Information:

Vendor: WordPress
Status: Panorama Viewer – 360 Degree Image + Video Viewer
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-57647?

The Panorama Viewer plugin, versions up to 1.6.1, has a vulnerability that allows attackers to exploit local file inclusion. This issue could enable malicious users to gain unauthorized access to sensitive files on the server, potentially leading to further exploitation of the website's infrastructure. It is crucial for users of this plugin to apply recommended patches and updates to mitigate the risk.

Affected Version(s)

Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1

References

https://patchstack.com/database/wordpress/plugin/panorama...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 25, 2026

Credit

endy | Patchstack Bug Bounty Program

CVE-2026-57647 Data

JSON