PHP Remote File Inclusion Vulnerability in NotFound WP Vehicle Manager
CVE-2025-25109
8.1 HIGH
Summary
The NotFound WP Vehicle Manager plugin for WordPress is susceptible to a PHP Remote File Inclusion vulnerability. The flaw lets malicious actors control the filename used in a PHP include/require statement, which can lead to PHP Local File Inclusion. It affects installations of the plugin running versions up to and including 3.1. Users are urged to evaluate their configurations and ensure proper security measures are implemented to prevent exploitation.
Affected Version(s)
WP Vehicle Manager <= 3.1
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)