CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

April 26, 2025

CVE ID : CVE-2025-3491

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the ‘acpt_validate_setting’ function. This is due to insufficient sanitization of the ‘template_name’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3915 – Airtable Aeropage Sync for WordPress Unauthorized Data Deletion Vulnerability

Next Article CVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

This new vertical mouse is saving my wrist, and the company I least expected is responsible

If we want a passwordless future, let’s get our passkey story straight

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

This new vertical mouse is saving my wrist, and the company I least expected is responsible

CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching

The Pros and Cons of AI in Design

Microsoft Researchers Introduce VALL-E 2: A Language Modeling Approach that Achieves Human Parity Zero-Shot Text-to-Speech Synthesis (TTS)

“That was really frustrating for us on the dev side.” Halo dev explains how one of the Xbox series’ biggest controversies came to be

Why Partnering with a ReactJS Development Company Is a Smart Investment

Beyond Deep Learning: Evaluating and Enhancing Model Performance for Tabular Data with XGBoost and Ensembles

Phi-4-mini, Microsoft’s new next-gen small model, has finally arrived

Wix vs WordPress vs Squarespace

NymVPN: Introducing a security-first decentralized VPN with a Mixnet flair

CVE-2025-3491 – WordPress Add Custom Page Template PHP Code Injection

Related Posts