CVE-2025-14475 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...