CVE-2025-7650

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51

Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and above can include and execute arbitrary files on the server, potentially allowing the execution of PHP code. This can be used to bypass access controls and obtain sensitive data.

Recommendations: Update the BizCalendar Web plugin to version 1.1.0.51 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-98

Related Identifiers

CVE-2025-7650

Affected Products

Bizcalendar Web

CVE-2025-7650

Weakness Enumeration

Related Identifiers

Affected Products

References · 8