Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Automattic |
|
| Wordpress |
|
No data.
No data.
References
History
Tue, 24 Feb 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 23 Feb 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Automattic
Automattic jetpack Crm Wordpress Wordpress wordpress |
|
| Vendors & Products |
Automattic
Automattic jetpack Crm Wordpress Wordpress wordpress |
Fri, 20 Feb 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0. | |
| Title | WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability | |
| Weaknesses | CWE-98 | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published: 2026-02-20T15:47:01.362Z
Updated: 2026-02-24T20:06:17.125Z
Reserved: 2026-01-07T12:21:24.564Z
Link: CVE-2026-22356
Vulnrichment
Updated: 2026-02-24T20:06:10.722Z
NVD
Status : Awaiting Analysis
Published: 2026-02-20T16:22:34.693
Modified: 2026-02-24T21:16:26.573
Link: CVE-2026-22356
Redhat
No data.