CVE-2025-13070

Name of the Vulnerable Software and Affected Versions CSV to SortTable WordPress plugin versions through 4.2

Description The software does not properly check certain shortcode attributes before using them to create file paths that are then used with include functions. This allows users with contributor-level access to potentially perform Local File Inclusion (LFI) attacks.

Recommendations Update to a version beyond 4.2.