CVE-2025-49454 | LoftOcean TinySalt Plugin up to 3.9.x on WordPress filename control

Inserito da Angelo Barbosa | Giu 10, 2025 | CVE

A vulnerability, which was classified as problematic, was found in LoftOcean TinySalt Plugin up to 3.9.x on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is traded as CVE-2025-49454. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-49454 | LoftOcean TinySalt Plugin up to 3.9.x on WordPress filename control

Post correlati

CVE-2024-38864 | Checkmk up to 2.1.0p50/2.2.0p37/2.3.0p22 Windows Agent Data Directory permission assignment

CVE-2024-11677 | CodeAstro Hospital Management System 1.0 Add Vendor Details Page his_admin_add_vendor.php v_name/v_adr/v_number/v_email/v_phone/v_desc cross site scripting

CVE-2023-52536 | Unisoc S8000 Faceid Service out-of-bounds

CVE-2023-50250 | Cacti up to 1.2.25 XML Template templates_import.php cross site scripting (GHSA-xwqc-7jc4-xm73)