CVE-2025-49278

Name of the Vulnerable Software and Affected Versions Unfoldwp Blogty versions 1.0.0 through 1.0.11

Description The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion.

Recommendations For Unfoldwp Blogty versions 1.0.0 through 1.0.11, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the include/require statements that allow remote file inclusion until a patch is available.