CVE-2025-13786

Name of the Vulnerable Software and Affected Versions taosir WTCMS (affected versions not specified)

Description A code injection issue exists in the fetch function of the /index.php file. Manipulation of the content argument can lead to code injection, and the attack can be initiated remotely. The exploit is publicly available. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.