Local File Inclusion Vulnerability in Newsletters Plugin for WordPress
CVE-2025-4857
7.2HIGH
What is CVE-2025-4857?
The Newsletters plugin for WordPress is exposed to a Local File Inclusion vulnerability due to improper validation of the 'file' parameter. This vulnerability affects all versions up to 4.9.9.9 and enables attackers with Administrator-level access to include and execute arbitrary files on the server. Such exploitation can lead to unauthorized access, execution of malicious PHP code, and potential data breaches through the inclusion of sensitive information or the bypassing of access controls.
Affected Version(s)
Newsletters * <= 4.9.9.9