CVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

April 26, 2025

CVE ID : CVE-2025-2101

Published : April 26, 2025, 9:15 a.m. | 2 hours, 49 minutes ago

Description : The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the ‘template’ parameter of the ‘edumall_lazy_load_template’ AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleLinus Torvalds critica duramente i file system che non distinguono tra maiuscole e minuscole!

Next Article CVE-2024-13812 – “Anps Theme Plugin WordPress Shortcode Injection Vulnerability”

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

Developing a Serverless Blogging Platform with AWS Lambda and Python

YAML files in DBT

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

CVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Graphite spyware used in Apple iOS zero-click attacks on journalists

CVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

CVE-2025-4788 – FreeFloat FTP Server DELETE Command Handler Buffer Overflow Vulnerability

British compute sector surged ahead in 2024, report shows

Agentic Workflows in Insurance Claim Processing

CVE-2024-56524 – Radware Cloud Web Application Firewall (WAF) URL Filter Bypass Vulnerability

CVE-2025-4170 – Xavin’s Review Ratings Stored Cross-Site Scripting Vulnerability

Distribution Release: PorteuX 2.1

The Front-End Performance Optimization Handbook – Tips and Strategies for Devs

CVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

Related Posts