PHP Local File Inclusion Vulnerability in Deetronix Affiliate Coupons
CVE-2025-26957
7.5HIGH
What is CVE-2025-26957?
A vulnerability in the Deetronix Affiliate Coupons plugin allows for improper control of filenames in PHP include/require statements, leading to potential execution of malicious files on the server. This flaw permits attackers to exploit local file inclusion, potentially compromising the security and integrity of the host application. The issue is present in all versions up to and including 1.7.3, making it crucial for users to apply patches or updates to mitigate risks.
Affected Version(s)
Affiliate Coupons <= 1.7.3