Local File Inclusion Vulnerability in WP Shuffle Subscribe to Download Lite by WordPress
CVE-2025-30782

7.5HIGH

Key Information:

Vendor: WordPress
Status: Subscribe To Download Lite
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-30782?

The WP Shuffle Subscribe to Download Lite plugin is affected by a vulnerability that allows for local file inclusion through improper control of filenames in PHP programming. This flaw can potentially expose sensitive files on the server, leading to a range of security issues. Users of the affected versions, from n/a up to 1.2.9, are advised to upgrade to secure their installations and prevent unauthorized file access.

Affected Version(s)

Subscribe to Download Lite <= 1.2.9

References

https://patchstack.com/database/wordpress/plugin/subscrib...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

LVT-tholv2k (Patchstack Alliance)