EIP-2026-113918

The exploit describes a Local File Inclusion (LFI) vulnerability in the WordPress plugin 'website contact form with file upload' version 1.5. The vulnerability arises from improper file inclusion in the 'image-processor.php' file, allowing an attacker to include arbitrary PHP files on the system via path traversal.