Description
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated user can trigger a Local File Inclusion vulnerability in the WordPress Integrio Core plugin before version 1.2.8. The flaw allows the attacker to read arbitrary files or potentially execute code by including local files through crafted input. This vulnerability is classified as CWE‑98, affecting confidentiality and potentially integrity of the site.

Affected Systems

The affected product is the WebGeniusLab Integrio Core WordPress plugin. All installations using version 1.2.7 or earlier are vulnerable. No specific minor versions are listed, so any release below 1.2.8 should be considered at risk.

Risk and Exploitability

The CVSS score is 8.1, indicating a high severity. The EPSS score is less than 1 %, suggesting a low likelihood of exploitation, and the vulnerability has not been listed in the CISA KEV catalog. The attack does not require authentication but relies on the plugin’s handling of local file paths, meaning the attacker must be able to send crafted requests to the vulnerable plugin endpoint. Given the high severity but low exploitation probability, administrators should prioritize patching but remain vigilant for any new indicators of exploitation.

Generated by OpenCVE AI on June 17, 2026 at 19:40 UTC.

Remediation

Vendor Solution

Update the WordPress Integrio Core Plugin to the latest available version (at least 1.2.8).


OpenCVE Recommended Actions

  • Upgrade the Integrio Core plugin to version 1.2.8 or later.
  • If an upgrade cannot be performed immediately, disable the plugin or remove it from the site until a patch is available.
  • Ensure that any file inclusion parameters are properly sanitized or remove exposed include functionality.

Generated by OpenCVE AI on June 17, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Webgeniuslab
Webgeniuslab integrio Core
Wordpress
Wordpress wordpress
Vendors & Products Webgeniuslab
Webgeniuslab integrio Core
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Title WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Weaknesses CWE-98
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Webgeniuslab Integrio Core
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T10:43:40.711Z

Reserved: 2026-03-31T09:57:17.719Z

Link: CVE-2026-34894

cve-icon Vulnrichment

Updated: 2026-06-17T10:43:36.146Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:00Z

Weaknesses
  • CWE-98

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')