CVE-2025-12549 | magentech Rozy Plugin up to 1.2.25 on WordPress filename control

Inserito da Angelo Barbosa | Gen 8, 2026 | CVE

A vulnerability classified as critical was found in magentech Rozy Plugin up to 1.2.25 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is reported as CVE-2025-12549. The attack can be launched remotely. No exploit exists.

CVE-2025-12549 | magentech Rozy Plugin up to 1.2.25 on WordPress filename control

Post correlati

CVE-2024-54662 | Dante 1.4.0/1.4.1/1.4.2/1.4.3 Configuration sockd.conf access control

CVE-2024-8381 | Mozilla Firefox up to 129.x Property Name Lookup type confusion

CVE-2024-47805 | Jenkins Credentials Plugin up to 1380.va_435002fa_924 CLI/REST API config.xml information disclosure

CVE-2025-5227 | PHPGurukul Small CRM 3.0 manage-tickets.php aremark sql injection