CVE-2025-60126
BaseFortify

Publication date: 2025-09-26

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through <= 3.5.8.6.
Meta Information
Published: 2025-09-26
Last Modified: 2026-04-23
Generated: 2026-06-16
AI Q&A: 2025-09-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
pluginops | testimonial_slider | *
CWE
CWE ID | Description
CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Executive Summary

This vulnerability is improper control of the filename used in include/require statements in the PluginOps Testimonial Slider PHP program, resulting in PHP Local File Inclusion. An attacker can cause the plugin to include local files on the server, potentially executing malicious code.

Impact Analysis

The vulnerability can have a severe impact, including unauthorized access to sensitive files, execution of arbitrary code, and full compromise of the affected system. It has a high severity score indicating it can lead to confidentiality, integrity, and availability breaches.
