- Description
- The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included, or pearcmd is enabled on a server with register_argc_argv also enabled.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
💥 FLASH NOTICE 💥 CVE-2025-2158 is a high-severity Local File Inclusion (LFI) #vulnerability affecting the "#WordPress Review Plugin: The Ultimate Solution for Building a Review Website." More details in the full notice: https://t.co/9cVJW753w2 https://t.co/OZqMJICmGH
@Avertium
13 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2158 🔴 HIGH (8.8) 🏢 mythemeshop - WordPress Review Plugin: The Ultimate Solution for Building a Review Website 🏗️ * 🔗 https://t.co/CA0CJaCiWn 🔗 https://t.co/pKrCS7xeY5 🔗 https://t.co/mbe6LRrNRd #CyberCron #VulnAlert #InfoSec https://t.co/SXm1fv62
@cybercronai
10 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2158 The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and i… https://t.co/9l8cbRfnte
@CVEnew
10 May 2025
603 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2158: HIGH] WordPress Review Plugin version 5.3.5 vulnerable to Local File Inclusion via Post custom fields, posing cyber security risks for contributors and above. #cybersecurity#cve,CVE-2025-2158,#cybersecurity https://t.co/YBksVFho4U https://t.co/3jQy6L0Qjd
@CveFindCom
10 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes