Arbitrary File Read Vulnerability in Mayosis Core Plugin for WordPress
CVE-2025-1565

7.5HIGH

Key Information:

Vendor: WordPress
Status: Mayosis Core
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-1565?

The Mayosis Core plugin for WordPress presents a vulnerability that allows unauthorized access to sensitive file content on the server. Through a specific PHP file located in library/wave-audio/peaks/remote_dl.php, an unauthenticated attacker can exploit this flaw to read contents from arbitrary files, potentially exposing sensitive information stored on the server. This vulnerability affects all versions up to and including 5.4.1 of the Mayosis Core plugin, highlighting the importance of keeping plugins up-to-date and regularly monitoring web applications for security issues.

Affected Version(s)

Mayosis Core 0 <= 5.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/mayosis-digital-marketplace-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Tonn

CVE-2025-1565 Data

JSON