Product
The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion (CVE-2026-9200) in versions up to 0.2.1, allowing authenticated attackers with contributor-level access and above to include and execute arbitrary PHP files on the server, potentially leading to privilege escalation and code execution.