PHP Remote File Inclusion Vulnerability in Shuffle Subscribe to Unlock Lite Plugin

CVE-2025-39592

What is CVE-2025-39592?

The Shuffle Subscribe to Unlock Lite plugin for WordPress suffers from a PHP Remote File Inclusion vulnerability. This security flaw allows an attacker to manipulate the filename used in include or require statements, leading to potential local file inclusion. Specifically, the vulnerability exists in versions from n/a up to 1.3.0, posing a risk to the integrity and security of the website leveraging this plugin. It is crucial for users to update their installations to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References