CVE-2026-57700
Deferred - Pending Action
Unrestricted File Upload in OMGF Pro

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: daan_dev
Product: omgf_pro
Version / Range: to 5.2.6 (inc)
CWE ID: CWE-434
Description: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Compliance Impact

The vulnerability allows attackers to upload malicious files, including backdoors, which can lead to unauthorized access to the website. Such unauthorized access and potential data breaches could result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

Because the vulnerability enables injection attacks without authentication, it poses a significant risk to data confidentiality, integrity, and availability, all of which are critical requirements under these regulations.

Therefore, failure to patch this vulnerability or mitigate it could lead to violations of regulatory requirements concerning data protection and security.

Executive Summary

CVE-2026-57700 is an Arbitrary File Upload vulnerability in the WordPress OMGF Pro Plugin, specifically versions 5.2.6 and earlier. This flaw allows attackers to upload malicious files, including dangerous types such as backdoors, without any authentication.

Because the vulnerability requires no user interaction and has a low attack complexity, it is highly exploitable and considered extremely dangerous.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized access to your website by allowing attackers to upload malicious files.

These malicious files can act as backdoors, enabling attackers to execute arbitrary code, compromise data integrity, steal sensitive information, or disrupt website availability.

Given the high severity score of 10.0, the impact is critical and can result in full system compromise.

Detection Guidance

This vulnerability involves an arbitrary file upload issue in the OMGF Pro WordPress plugin versions 5.2.6 and earlier, allowing attackers to upload malicious files without authentication.

Detection can involve monitoring for suspicious file uploads or unexpected files in the web server directories, especially files that could act as backdoors.

While no specific commands are provided in the resources, general detection steps include:

  • Checking web server logs for POST requests to the plugin upload endpoints.
  • Searching the web root and upload directories for recently added or modified files with suspicious extensions or names.
  • Using commands like `grep` to find suspicious PHP or other executable files, for example: `grep -ril "<?php" /path/to/wordpress/wp-content/uploads/`.
  • Monitoring network traffic for unusual upload activity targeting the plugin.
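
The file-system checks from the list above, combined into one triage pass over an uploads tree. This is an added example, not code from the advisory, Patchstack or the plugin author; the function name, the reason labels and the 30-day default window are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a WordPress uploads tree for files that can execute.
# Usage: scan_uploads DIR [DAYS]   (DAYS = modification window, default 30)
# Output: one "<reason><TAB><path>" line per finding, sorted.
scan_uploads() {
    su_dir=$1
    su_days=${2:-30}
    [ -d "$su_dir" ] || { echo "not a directory: $su_dir" >&2; return 2; }

    find "$su_dir" -type f -mtime "-$su_days" -print |
    while IFS= read -r su_f; do
        # Compare the lower-cased base name so "shell.PHP" is still caught.
        su_name=$(printf '%s' "${su_f##*/}" | tr '[:upper:]' '[:lower:]')
        case $su_name in
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*)
                # Extension a PHP handler may execute (".php.jpg" included,
                # since some server configurations match on any ".php" part).
                printf 'exec-ext\t%s\n' "$su_f" ;;
            .htaccess|.user.ini)
                # Can change how the directory is served; may be legitimate,
                # so treat as "review", not "malicious".
                printf 'server-config\t%s\n' "$su_f" ;;
            *)
                # Data file (image, font, CSS) that carries a PHP open tag.
                if grep -qiF '<?php' "$su_f" 2>/dev/null; then
                    printf 'php-in-data\t%s\n' "$su_f"
                fi ;;
        esac
    done | sort
}

# Run directly: sh scan_uploads.sh /path/to/wordpress/wp-content/uploads 7
if [ "$#" -gt 0 ]; then
    scan_uploads "$@"
fi
```

Findings are leads for review against a known-good backup or file listing, and paths containing newlines are not handled.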

Mitigation Strategies

The primary immediate mitigation step is to update the OMGF Pro plugin to version 5.2.7 or later, which contains the patch for this vulnerability.

If updating immediately is not possible, it is recommended to apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Additionally, seeking assistance from your hosting provider or a web developer to implement temporary protections or monitoring is advised.
