CVE-2025-14867

Name of the Vulnerable Software and Affected Versions The Flashcard plugin for WordPress versions up to and including 0.9

Description The Flashcard plugin for WordPress is susceptible to a Path Traversal issue. This affects versions up to and including 0.9 through the 'source' attribute within the 'flashcard' shortcode. Authenticated attackers possessing contributor-level access or higher can potentially read the contents of arbitrary files on the server, potentially exposing sensitive information. The vulnerable attribute is source.

Recommendations Update the Flashcard plugin to a version newer than 0.9.