PT-2026-2814 · WordPress · News/Blog Designer Bundle

Itthidej Aramsri · Published 2026-01-14 · Updated 2026-01-19 · CVE-2025-14502

CVSS v3.1 · 9.8 · Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The News and Blog Designer Bundle plugin for WordPress versions prior to 1.2

Description

The plugin is susceptible to a Local File Inclusion issue via the template parameter. This allows unauthenticated attackers to include and execute arbitrary .php files on the server. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .php file uploads and inclusion are permitted.

Recommendations

Update to version 1.2 or later.

Fix · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-14502

Affected Products

News/Blog Designer Bundle