Local File Inclusion Vulnerability in Majestic Support by Majestic Support
CVE-2025-26985

8.1HIGH

Key Information:

Vendor: WordPress
Status: Majestic Support
Vendor: CVE Published:; 25 February 2025

What is CVE-2025-26985?

A Local File Inclusion vulnerability in Majestic Support can allow unauthorized PHP files to be included and executed on the server. This flaw exposes the application to potential attacks by enabling adversaries to load local files through manipulated requests, which can lead to data exposure or further compromise the server's integrity. Users of Majestic Support versions up to 1.0.6 should address this issue promptly to safeguard their environments from exploitation.

Affected Version(s)

Majestic Support <= 1.0.6

References

https://patchstack.com/database/wordpress/plugin/majestic...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

WordPress

What is CVE-2025-26985?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit