CVE-2025-14430 | ThemeMove Brook Plugin up to 2.8.9 on WordPress filename control

Inserito da Angelo Barbosa | Gen 8, 2026 | CVE

A vulnerability, which was classified as critical, was found in ThemeMove Brook Plugin up to 2.8.9 on WordPress. This affects an unknown part. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is traded as CVE-2025-14430. The attack may be launched remotely. There is no exploit available.

CVE-2025-14430 | ThemeMove Brook Plugin up to 2.8.9 on WordPress filename control

Post correlati

CVE-2024-11867 | papin Companion Portfolio Plugin up to 2.4.0.1 on WordPress Shortcode companion-portfolio cross site scripting

CVE-2024-58288 | Genexus Protection Server 9.7.2.10 Windows Service unquoted search path (Exploit 52065 / EDB-52065)

CVE-2024-6879 | Quiz and Survey Master Plugin up to 9.1.0 on WordPress cross site scripting

CVE-2024-24133 | Atmail 6.6.0 Login Page username sql injection