PHP Remote File Inclusion Vulnerability in WPB Category Slider for WooCommerce
CVE-2025-53281

7.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 27 June 2025

What is CVE-2025-53281?

The WPB Category Slider for WooCommerce plugin does not properly control the filename used in PHP include/require statements. This PHP Remote File Inclusion vulnerability can lead to unauthorized access and potential breaches, exposing sensitive files on the server. The issue affects versions from n/a through 1.71 and calls for prompt attention to mitigate the associated security risks.

Affected Version(s)

WPB Category Slider for WooCommerce <= 1.71

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muhammad yudha (Patchstack Alliance)