CVE-2025-14475 | Extensive VC Addons for WPBakery Page Builder Plugin extensive_vc_get_module_template_part file inclusion

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability classified as critical has been found in Extensive VC Addons for WPBakery Page Builder Plugin up to 1.9.1 on WordPress. This vulnerability affects the function extensive_vc_get_module_template_part. The manipulation of the argument shortcode_name leads to file inclusion.

This vulnerability is documented as CVE-2025-14475. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-14475 | Extensive VC Addons for WPBakery Page Builder Plugin extensive_vc_get_module_template_part file inclusion

Post correlati

CVE-2025-47570 | villatheme WooCommerce Photo Reviews Premium Plugin up to 1.3.13 on WordPress cross site scripting

CVE-2024-3897 | Popup Box Plugin up to 4.3.6 on WordPress authorization

CVE-2024-35637 | Church Admin Plugin up to 4.3.6 on WordPress server-side request forgery

CVE-2024-24304 | Mailjet Module up to 3.5.0 on PrestaShop information disclosure