PT-2025-46942 · WordPress · Creta Testimonial Showcase
Khaled Alenazi
·
Published
2025-11-14
·
Updated
2025-11-14
·
CVE-2025-10686
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Creta Testimonial Showcase WordPress plugin versions prior to 1.2.4
Description
The Creta Testimonial Showcase WordPress plugin is susceptible to a Local File Inclusion issue. Attackers with editor-level access or higher can include and execute arbitrary files on the server, potentially executing PHP code within those files.
Recommendations
Update the Creta Testimonial Showcase WordPress plugin to version 1.2.4 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Creta Testimonial Showcase