CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

April 26, 2025

CVE ID : CVE-2025-3491

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the ‘acpt_validate_setting’ function. This is due to insufficient sanitization of the ‘template_name’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3915 – Airtable Aeropage Sync for WordPress Unauthorized Data Deletion Vulnerability

Next Article CVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

CVE-2025-3819 – PHPGurukul Men Salon Management System SQL Injection Vulnerability

CVE-2025-4209 – “Apache HTTP Server Command Injection Vulnerability”

NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments

CVE-2025-3965 – Itwanger Paicoding Cross Site Scripting Vulnerability

‘Clair Obscur: Expedition 33’ utterly destroys Square Enix’s gaslighting over Final Fantasy turn-based combat

CVE-2025-1706 – Adobe Flash Use-After-Free Vulnerability

Pushing the Boundaries of Logo Design Through Storytelling and Expression

CVE-2025-46216 – Apache HTTP Server HTTP Request Smuggling

CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

Related Posts