PHP Remote File Inclusion Vulnerability in Shuffle Subscribe to Unlock Lite Plugin
CVE-2025-39592

Currently unrated

Key Information:

Vendor: WordPress
Status: Shuffle Subscribe to Unlock Lite
Vendor: CVE Published:; 16 April 2025

Summary

The Shuffle Subscribe to Unlock Lite plugin for WordPress suffers from a PHP Remote File Inclusion vulnerability. This security flaw allows an attacker to manipulate the filename used in include or require statements, leading to potential local file inclusion. Specifically, the vulnerability exists in versions from n/a up to 1.3.0, posing a risk to the integrity and security of the website leveraging this plugin. It is crucial for users to update their installations to mitigate potential exploitation.

References

https://patchstack.com/database/wordpress/plugin/subscrib...

Timeline

Vulnerability published
Apr 16, 2025