CVE-2025-11920 | WPCOM Member Plugin up to 1.7.14 on WordPress Shortcode action file inclusion

Inserito da Angelo Barbosa | Ott 31, 2025 | CVE

A vulnerability identified as critical has been detected in WPCOM Member Plugin up to 1.7.14 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation of the argument action leads to file inclusion.

This vulnerability is referenced as CVE-2025-11920. Remote exploitation of the attack is possible. No exploit is available.

CVE-2025-11920 | WPCOM Member Plugin up to 1.7.14 on WordPress Shortcode action file inclusion

Post correlati

CVE-2024-45047 | sveltejs svelte up to 4.2.18 cross site scripting (GHSA-8266-84wp-wv5c)

CVE-2024-49193 | Zendesk 1.0.5/7.x-1.1 E-Mail Message Cc improper authorization

CVE-2025-32711 | Microsoft 365 Copilot AI command injection

CVE-2023-50868 | DNS Protocol Closest Encloser Proof resource consumption