Lvt-Tholv2K
·
Published
2025-06-09
·
Updated
2025-06-09
·
CVE-2025-48125
8.1
High
| Base vector | Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
WP Event Manager versions 3.1.49 and earlier
Description:
The issue affects WP Event Manager, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion'.
Recommendations:
For WP Event Manager versions 3.1.49 and earlier, update to a version later than 3.1.49 to resolve the issue.
Fix