Local File Inclusion Vulnerability in CSV to SortTable Plugin by WordPress
CVE-2025-13070
Currently unrated
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 9 December 2025
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2025-13070?
The CSV to SortTable WordPress plugin prior to version 4.2 fails to properly validate certain shortcode attributes. This oversight allows authenticated users, including those with contributor roles, to execute Local File Inclusion (LFI) attacks. By exploiting this vulnerability, an attacker could gain unauthorized access to sensitive files on the server, potentially compromising the security of the entire WordPress installation.
Affected Version(s)
CSV to SortTable 0 <= 4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.