2 matches found
CVE-2025-10723
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...
CVE-2025-10723
PixelYourSite WordPress plugin prior to 11.1.2 contains an input validation flaw: certain URL parameters are not validated before being used to build paths for functions, enabling Local File Inclusion when performed by an administrator. Exploitation context indicates this requires admin privilege...