Local File Inclusion Vulnerability in UnboundStudio Accordion FAQ Plugin
CVE-2025-58024

7.5HIGH

Key Information:

Vendor: WordPress
Status: Accordion Faq
Vendor: CVE Published:; 2 June 2026

What is CVE-2025-58024?

The UnboundStudio Accordion FAQ Plugin is susceptible to a local file inclusion vulnerability due to improper control of filenames in PHP include and require statements. This flaw allows attackers to potentially manipulate the path of files included in the PHP environment, thereby facilitating unauthorized access to sensitive data. The issue is present in versions up to 2.2.1, making it crucial for users to address this vulnerability promptly to safeguard their applications.

Affected Version(s)

Accordion FAQ <= 2.2.1

References

https://patchstack.com/database/wordpress/plugin/pressapp...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Aug 22, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2025-58024 Data

JSON

WordPress

What is CVE-2025-58024?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit