Local File Inclusion Vulnerability in SolverWp Eleblog by WordPress
CVE-2025-69374

8.1HIGH

Key Information:

Vendor: WordPress
Status: Eleblog – Elementor Blog And Magazine Addons
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-69374?

The SolverWp Eleblog – Elementor Blog And Magazine Addons plugin has a vulnerability that allows for PHP Local File Inclusion due to improper control over filenames in include/require statements. This can enable unauthorized access to sensitive files on the server, potentially compromising the site's integrity and security. Users are advised to update to the latest version of the plugin to mitigate risks associated with this vulnerability.

Affected Version(s)

Eleblog – Elementor Blog And Magazine Addons 0 <= 2.0.3

References

https://patchstack.com/database/Wordpress/Plugin/ele-blog...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

Phat RiO | Patchstack Bug Bounty Program

CVE-2025-69374 Data

JSON