Product
A high-severity arbitrary file upload vulnerability, CVE-2026-13430, exists in all versions up to 1.13.1 of the Post Export Import with Media plugin for WordPress, allowing authenticated administrators to upload executable web shells via a trailing-dot filename bypass, leading to remote code execution.