PT-2025-50801 · WordPress · Lt Unleashed
Published 2025-12-12 · Updated 2025-12-17 · CVE-2025-13886
CVSS v3.1: 7.5 High
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LT Unleashed plugin for WordPress versions up to and including 1.1.1
Description
The LT Unleashed plugin for WordPress is susceptible to Local File Inclusion due to inadequate path sanitization of the template parameter within the book shortcode. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution, particularly if files like wp-config.php are included.
Recommendations
Update the LT Unleashed plugin to a version beyond 1.1.1.
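For reviewing other shortcode handlers that take a template name, the following added example (not LT Unleashed's code and not its patch) shows the kind of path handling whose absence the description refers to: an allowlisted name followed by a canonical-path containment check. The function name `resolve_template`, the `templates` directory and the sample files are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the plugin's code): map a shortcode "template"
// attribute to a file inside one fixed directory, or return null.
function resolve_template(string $baseDir, string $name): ?string
{
    // 1. Allowlist the shape of the value: a bare name with no slashes,
    //    dots or NUL bytes, so the caller never supplies a path.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Canonicalise both paths. realpath() resolves symlinks and "..",
    //    and returns false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment check with a trailing separator, so a sibling such as
    //    "templates-old/x.php" cannot pass as a child of "templates".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: a temporary template directory with a stand-in
// wp-config.php one level above it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/card.php', '<?php // constructed template');
file_put_contents($root . '/wp-config.php', '<?php // constructed stand-in');

// Only the first value names a real template inside the directory.
foreach (['card', '../wp-config', 'card.php', 'missing'] as $value) {
    $resolved = resolve_template($root . '/templates', $value);
    printf("%-16s => %s\n", json_encode($value, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'accepted');
}

// Remove the constructed files again.
unlink($root . '/templates/card.php');
unlink($root . '/wp-config.php');
rmdir($root . '/templates');
rmdir($root);
```

In a shortcode callback, the attribute value would be passed through a check of this kind before any `include`, with a fixed default template used when it returns null.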
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Lt Unleashed