CVE-2026-57700
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
The OMGF Pro WordPress plugin contains an unrestricted file upload vulnerability with dangerous file types, allowing an attacker to upload malicious files to the server. The issue affects versions from n/a through 5.2.6.
Risk Assessment
An attacker can upload a malicious file (e.g., PHP script) and execute it on the server, leading to site takeover, data theft, or further attack propagation.
Recommendation
Immediately update the OMGF Pro plugin to a version newer than 5.2.6 once the vendor releases a patch. Until then, restrict access to the WordPress admin panel.
Original NVD description (English source)
Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6.

