{"uuid": "dea3362d-7860-4457-8ba7-c51db8f130fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "seen", "source": "https://t.me/htfgtps/1093", "content": "CVE-2026-3891\nThe Pix for WooCommerce plugin for\nWordPress is vulnerable to arbitrary file\nuploads due to missing capability check\nand missing file type validation in the\n'Iknpixforwoocommercec6savesettings'\nfunction in all versions up to, and including,\n1.5.0. This makes it possible for\nunauthenticated attackers to upload\narbitrary files on the affected site's server\nwhich may make remote code execution\npossible.\nGitHub Link:\nhttps://github.com/AnggaTechl/Mass-Scanner-CVE-2026-3891", "creation_timestamp": "2026-05-09T14:47:51.000000Z"}