What the vulnerability does
01Description
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials.
Explanation of Vulnerability in Simple Terms
02Summary
WP with Spritz contains a remote code execution vulnerability accessible over the network without authentication. An attacker can execute arbitrary code on the affected site. The vulnerability affects versions 1.0 and requires no user interaction or special privileges to exploit.
What an attacker can do
03Attacker Capabilities
Run their own code on the site without authentication.
Potential impact on your site
04Site Impact
Complete compromise of the site; attacker can modify content, steal data, or take full control.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 17, 2026
CVE published
May 18, 2026
Record updated