CVE-2025-10406
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-10-16

Assigner: WPScan

Description
The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2025-10-16
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10406
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
blindmatrix e-commerce *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the BlindMatrix e-Commerce WordPress plugin (versions before 3.1) is a Local File Inclusion (LFI) issue. It occurs because the plugin does not properly validate certain shortcode attributes before using them to build file paths that are passed to PHP include functions. This allows any authenticated user with contributor-level permissions or higher to exploit the flaw and include local files on the server, potentially accessing sensitive system files. [1]

Impact Analysis

The vulnerability can allow authenticated users with contributor-level access to perform Local File Inclusion attacks. This means they could read sensitive files on the server, such as configuration files or password files, which could lead to information disclosure, further system compromise, or unauthorized access to sensitive data. [1]

Detection Guidance

This vulnerability can be detected by checking if the BlindMatrix e-Commerce WordPress plugin version is prior to 3.1 and by testing for Local File Inclusion (LFI) exploitation attempts. One way to detect exploitation attempts is to look for usage of the shortcode with suspicious attributes, for example: `[BlindMatrix source="/etc/passwd"]`. You can search WordPress content or logs for this shortcode pattern. Additionally, monitoring web server logs for requests containing this shortcode or unusual file inclusion attempts may help detect exploitation. Specific commands could include searching the WordPress database or files for the shortcode pattern, e.g., using grep: `grep -r '\[BlindMatrix source=' /path/to/wordpress` or querying the database for posts containing the shortcode. Also, inspecting web server access logs for requests with this shortcode or unusual parameters can be done with commands like `grep 'BlindMatrix source=' /var/log/apache2/access.log`. [1]

Mitigation Strategies

The immediate mitigation step is to update the BlindMatrix e-Commerce WordPress plugin to version 3.1 or later, where the vulnerability has been fixed. Until the update can be applied, restrict authenticated user permissions to prevent contributors or lower roles from using shortcodes that could exploit this vulnerability. Additionally, consider disabling shortcode execution for untrusted users or applying web application firewall (WAF) rules to block suspicious shortcode usage patterns related to this vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart