What is CVE-2026-9662?

CVE-2026-9662 is a high-severity vulnerability, classified under PHP Remote File Inclusion. CVSS score: 8.1/10. Published 2026-06-09.

How severe is CVE-2026-9662?

High severity. CVSS v3 base score is 8.1 out of 10.

CVE-2026-9662

CVE-2026-9662

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter befo…

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-98 — PHP Remote File Inclusion

References

security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2026-9662?: CVE-2026-9662 is a high-severity vulnerability, classified under PHP Remote File Inclusion. CVSS score: 8.1/10. Published 2026-06-09.
How severe is CVE-2026-9662?: High severity. CVSS v3 base score is 8.1 out of 10.