CVE Catalog
CVE-2026-39591
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk0.47%
37th percentile — higher than 37% of all known CVEs
Summary
In WP-BusinessDirectory versions <= 4.0.0, there is a vulnerability that allows subscribers to upload arbitrary files.
Risk Assessment
An attacker could exploit this vulnerability to upload malicious files, potentially leading to server takeover or data leakage.
Recommendation
It is recommended to update WP-BusinessDirectory to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

