PHP Local File Inclusion Vulnerability in FW Gallery by Fastw3b LLC
CVE-2025-49416

8.1HIGH

Key Information:

Vendor: WordPress
Status: Fw Gallery
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-49416?

The FW Gallery plugin by Fastw3b LLC is vulnerable to a PHP Local File Inclusion issue due to improper control of filename handling in include/require statements. This vulnerability can allow attackers to exploit the server by including local files, potentially enabling unauthorized access or manipulation of sensitive data. Affected versions span from n/a to 8.0.0, highlighting an urgent need for users to update their installations to mitigate the risks associated with this flaw.

Affected Version(s)

FW Gallery <= 8.0.0

References

https://patchstack.com/database/wordpress/plugin/fw-galle...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

LVT-tholv2k (Patchstack Alliance)

WordPress

What is CVE-2025-49416?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit