CVE-2025-10723
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: WPScan
Description
Description
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pixelyoursite | plugin | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the PixelYourSite WordPress plugin (before version 11.1.2) allows any admin user to perform Local File Inclusion (LFI) attacks because the plugin does not properly validate some URL parameters before using them to generate file paths.
How can this vulnerability impact me? :
An attacker with admin privileges could exploit this vulnerability to include local files on the server, potentially leading to unauthorized access to sensitive information, code execution, or other malicious actions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70