CVE-2025-14059

Name of the Vulnerable Software and Affected Versions EmailKit versions up to and including 1.6.1

Description The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API endpoint. User-controlled input from the emailkit-editor-template parameter is directly passed to the file get contents() function without proper sanitization. This allows authenticated attackers with Author-level permissions or higher to read arbitrary files on the server, potentially including sensitive configuration files such as /etc/passwd and wp-config.php, through the REST API. The file contents are stored in post meta and can be exfiltrated through MetForm's email confirmation feature.

Recommendations Update EmailKit to a version later than 1.6.1.