- Description
- The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
CVE-2025-3491 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-26 06:15:16 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/0eOBc14Ukx
@vulns_space
26 Apr 2025
CVE-2025-3491 The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via t… https://t.co/a5rphtUach
@CVEnew
26 Apr 2025