CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

May 22, 2025

CVE ID : CVE-2025-4419

Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the ‘path’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-25010 – Ericsson RAN Compute and Site Controller Code Injection Vulnerability

Next Article CVE-2025-4405 – WordPress Hot Random Image Stored Cross-Site Scripting Vulnerability

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

HoundDog.ai Launches Industry’s First Privacy-by-Design Code Scanner for AI Applications

The Double-Edged Sustainability Sword Of AI In Web Design

How VPNs are helping people evade increased censorship – and much more

Google’s AI Mode can now find restaurant reservations for you – how it works

Best early Labor Day TV deals 2025: Save up to 50% on Samsung, LG, and more

Claude wins high praise from a Supreme Court justice – is AI’s legal losing streak over?

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Quickly Generate Forms based on your Eloquent Models with Laravel Formello

Pest 4 is Released

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

You’ll need standalone Word, PowerPoint, Excel on iOS, as Microsoft 365 app becomes a Copilot wrapper

Microsoft to Move Copilot Previews to iOS While Editing Returns to Office Apps

CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

Bill Gates says, “We weren’t born to do jobs. AI will replace humans for most things.”

Mail Notification Tools: 7 Best Free and Open Source Software

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

CVE-2025-37881 – Aspeed USB Gadget NULL Pointer Dereference

dnsperf – measure performance of authoritative domain name services

CVE-2025-6989 – Kallyas WordPress Arbitrary Folder Deletion

CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Unauthenticated Remote Code Execution

Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions – Update Now

CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

Related Posts