WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...

CVE-2025-10406

The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...

WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BlindMatrix e-Commerce versions 3.1...

CVE-2025-10406 BlindMatrix e-Commerce < 3.1 - Contributor+ LFI

The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks...