PHP Remote File Inclusion Vulnerability in LCweb PrivateContent - Mail Actions
CVE-2025-47627

7.5HIGH

Key Information:

Vendor: WordPress
Status: Privatecontent - Mail Actions
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-47627?

The vulnerability in LCweb's PrivateContent - Mail Actions plugin allows for improper control over filenames used in include or require statements. This can lead to PHP Local File Inclusion, potentially exposing sensitive files on the server and allowing unauthorized access to critical system components. Versions affected are from n/a through 2.3.2, necessitating immediate action to secure applications utilizing this plugin.

Affected Version(s)

PrivateContent - Mail Actions <= 2.3.2

References

https://patchstack.com/database/wordpress/plugin/private-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
May 7, 2025

Credit

Bonds (Patchstack Alliance)

WordPress

What is CVE-2025-47627?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit