EUVD-2025-16141

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Hot Random Image plugin for WordPress has Path Traversal vulnerability in versions up to 1.9.2.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-4419	22 May 202509:42	–	circl
CNNVD	WordPress plugin Hot Random Image 路径遍历漏洞	22 May 202500:00	–	cnnvd
CVE	CVE-2025-4419	22 May 202509:21	–	cve
Cvelist	CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter	22 May 202509:21	–	cvelist
EUVD	EUVD-2025-16140	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4419	22 May 202510:15	–	nvd
Patchstack	WordPress Hot Random Image plugin <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter vulnerability	21 May 202521:15	–	patchstack
Positive Technologies	PT-2025-22452 · WordPress · Hot Random Image	22 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4419	24 May 202510:13	–	redhatcve
Vulnrichment	CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter	22 May 202509:21	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "6dc718ca-7d3b-320e-af74-138f626e367f",
        "vendor": {
          "name": "hotwptemplates"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5088a78b-7008-3dc2-873c-ca12fb0da97a",
        "product": {
          "name": "Hot Random Image"
        },
        "product_version": "* ≤1.9.2"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/d6628232-0bd1-4194-8322-36084b1eb0f7
plugins	www.plugins.trac.wordpress.org/browser/hot-random-image/tags/1.9.2/hot_random_image.php
wordpress	www.wordpress.org/plugins/hot-random-image/
plugins	www.plugins.trac.wordpress.org/changeset/3298033/

03 Oct 2025 20:07Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.3

EPSS0.00338

SSVC