CVE-2025-10686
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-14
Assigner: WPScan
Description
Description
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creta | testimonial_showcase | 1.2.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the Creta Testimonial Showcase WordPress plugin versions before 1.2.4. It allows authenticated users with editor-level access or higher to include and execute arbitrary files on the server, which means they can run any PHP code contained in those files.
How can this vulnerability impact me? :
The vulnerability can allow attackers with sufficient privileges to execute arbitrary PHP code on the server. This can lead to unauthorized actions such as data theft, server compromise, or further exploitation of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70