CVE-2026-14327
Last modified
CVE-2026-14327 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires an attacker to first obtain a valid nonce and secure nonce via the publicly accessible ar_get_fresh_nonce and ar_process_user_image nopriv AJAX handlers, and to reproduce the encryption key locally — both steps are fully achievable by an unauthenticated attacker on any default free or unlicensed installation where ar_licence_key is unset.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| webandprint | AR for WordPress | <= 8.40 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14327?
How severe is CVE-2026-14327?
How do I fix CVE-2026-14327?
Related CVEs from 2026
- CVE-2026-1428Single Sign-On Portal System developed by WellChoose has a O…8.8
- CVE-2026-1429Single Sign-On Portal System developed by WellChoose has a R…5.4
- CVE-2026-1430The WP Lightbox 2 WordPress plugin before 3.0.7 does not san…4.8
- CVE-2026-1431The Booking Calendar plugin for WordPress is vulnerable to u…5.3
- CVE-2026-1432SQL injection vulnerability in the Buroweb platform version …9.3
- CVE-2026-14324RAOP module accepts unbounded Content-Length values and does…6.5
- CVE-2026-1433uniFLOW Universal Login Manager (ULM) Standalone contains an…4.8
- CVE-2026-14330Multiple unbounded alloca() calls in the PulseAudio protocol…5.5
- CVE-2026-14336PIA's OIDC issuer allowlist for Jenkins tokens uses a bare s…8.2
- CVE-2026-1434Omega-PSIR is vulnerable to Reflected XSS via the lang param…6.1
- CVE-2026-14340An incorrect authorization vulnerability was identified in G…5
- CVE-2026-14342The Mail Mint – Email Marketing, Newsletter, Email Automatio…4.9
Are you affected by CVE-2026-14327?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
