A vulnerability was found in PluginUs.Net MDTF Plugin up to 1.3.8 on WordPress and classified as problematic . This impacts an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability appears as CVE-2026-54845 . The attack may be performed from remote. There is no available exploit.