PT-2026-2820 · WordPress · Gotham Block Extra Light
Bhumividh Treloges · Published 2026-01-14 · Updated 2026-01-14
CVE-2025-15020
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gotham Block Extra Light plugin for WordPress versions prior to 1.5.1
Description
The Gotham Block Extra Light plugin for WordPress is susceptible to an arbitrary file read issue. This affects versions up to and including 1.5.0. Authenticated attackers possessing contributor-level access or higher can exploit the 'ghostban' shortcode to read the contents of arbitrary files on the server. These files may contain sensitive information.
Recommendations
Update the Gotham Block Extra Light plugin to version 1.5.1 or later.
Fix
Path traversal
Affected Products
Gotham Block Extra Light