PT-2026-6881 · Unknown · Post Slides
Khaled Alenazi
·
Published
2026-02-07
·
Updated
2026-02-07
·
CVE-2025-15491
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Post Slides versions through 1.0.1
Description
The software does not properly check shortcode attributes before using them to create file paths for inclusion, potentially allowing authenticated users with contributor or higher privileges to carry out Local File Inclusion (LFI) attacks.
Recommendations
Update Post Slides to a version later than 1.0.1.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Post Slides