CVE-2025-49279

Name of the Vulnerable Software and Affected Versions Unfoldwp Blogvy versions 1.0.0 through 1.0.7

Description The issue is related to improper control of filename for include/require statement in PHP programs, also known as 'PHP Remote File Inclusion'. This allows PHP Local File Inclusion.

Recommendations For Unfoldwp Blogvy versions 1.0.0 through 1.0.7, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the include/require statements that allow file inclusions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.