CVE-2025-12550 | jwsthemes OchaHouse Plugin up to 2.2.8 on WordPress filename control

Inserito da Angelo Barbosa | Gen 8, 2026 | CVE

A vulnerability, which was classified as critical, has been found in jwsthemes OchaHouse Plugin up to 2.2.8 on WordPress. Affected by this issue is some unknown functionality. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability appears as CVE-2025-12550. The attack may be initiated remotely. There is no available exploit.

CVE-2025-12550 | jwsthemes OchaHouse Plugin up to 2.2.8 on WordPress filename control

Post correlati

CVE-2024-40706 | IBM InfoSphere Information Server 11.7 exposure of sensitive system information to an unauthorized control sphere

CVE-2024-6848 | BoldGrid Post and Page Builder Plugin up to 1.26.6 on WordPress File Upload cross site scripting

CVE-2025-5343 | Zoho ManageEngine Exchange Reporter Plus up to 5721 Instant Search Option cross site scripting

CVE-2024-6006 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Summer Schedule Schedule Name cross site scripting