Product
An arbitrary file upload vulnerability, CVE-2026-13352, affects the ProfilePress plugin for WordPress up to version 4.16.18, allowing authenticated attackers with author-level privileges or higher to upload executable files, which can lead to remote code execution.