PT-2026-7480 · WordPress · Lucky Wheel Giveaway

Nguyen Truong

Publicado

2026-02-11

Atualizado

2026-02-16

CVE-2025-14541

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lucky Wheel Giveaway plugin for WordPress versions prior to 1.0.23

Description The Lucky Wheel Giveaway plugin for WordPress is susceptible to Remote Code Execution. This is due to the use of PHP’s eval() function on user-controlled input without sufficient validation or sanitization. An authenticated attacker with Administrator-level access or higher can execute code on the server through the conditional tags parameter.

Recommendations Update the Lucky Wheel Giveaway plugin to version 1.0.23 or later.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2025-14541

Produtos afetados

Lucky Wheel Giveaway

PT-2026-7480 · WordPress · Lucky Wheel Giveaway

CVE-2025-14541

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6