CVE-2025-13070

CVSS v3.1

6.6

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CSV to SortTable WordPress plugin versions through 4.2

Description The software does not properly check certain shortcode attributes before using them to create file paths that are then used with include functions. This allows users with contributor-level access to potentially perform Local File Inclusion (LFI) attacks.

Recommendations Update to a version beyond 4.2.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-13070

Affected Products

Csv To Sorttable

CVE-2025-13070

Related Identifiers

Affected Products

References · 4