CVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

May 31, 2025

CVE ID : CVE-2025-4857

Published : May 31, 2025, 12:15 p.m. | 1 hour, 28 minutes ago

Description : The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the ‘file’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5376 – SourceCodester Health Center Patient Record Management System SQL Injection

Next Article CVE-2025-4691 – “Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking Direct Object Reference Vulnerability”

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

7 reasons The Division 2 is a game you should be playing in 2025

Mastering TypeScript: How Complex Should Your Types Be?

Mastering TypeScript: How Complex Should Your Types Be?

IDMC – CDI Best Practices

PWC-IDMC Migration Gaps

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

CVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

May 2025 Detection Highlights: VMRay Threat Identifiers, Config Extractors for Lumma & VideoSpy, and Fresh YARA Rules.

Kritiek RoundCube-lek maakt remote code execution op mailserver mogelijk

DeepSeek outperforms OpenAI’s reasoning model at just 3% of the cost after President Trump’s $500 billion Stargate AI initiative. “All I know is we keep pushing forward to make open-source AGI a reality for everyone🚀”

The 7 tech gadgets I couldn’t live without in 2024 – and they don’t include AirTags

CVE-2025-45487 – Linksys E5600 Command Injection Vulnerability

Adobe’s Photoshop AI editing magic finally comes to Android – and it’s free

BSD Release: FreeBSD 13.5

Google Maps and Waze have 5 new features. Here’s how they can help you

Adobe Acrobat’s AI Assistant can now decipher complex contracts for you

How to install a screen protector on your gaming handheld — Steam Deck, ROG Ally, Legion Go, and more

CVE-2025-4857 – WordPress Newsletters Plugin Local File Inclusion Vulnerability

Related Posts