Remote Code Execution Vulnerability in Sneeit Framework Plugin for WordPress
CVE-2025-6389

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Sneeit Framework
Vendor: CVE Published:; 25 November 2025

What is CVE-2025-6389?

The Sneeit Framework plugin for WordPress is susceptible to Remote Code Execution due to inadequate validation in the sneeit_articles_pagination_callback() function. This vulnerability enables attackers to send specially crafted user input, which is processed via call_user_func(), granting them the ability to execute malicious code on the server. This can lead to serious security incidents, such as the installation of backdoors or the unauthorized creation of administrative accounts, thereby compromising the integrity of the website.

Affected Version(s)

Sneeit Framework * <= 8.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/flat-news-responsive-magazin...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Jun 20, 2025

Credit

Tonn

JSON