WordPress News and Blog Designer Bundle plugin <= 1.1 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin News and Blog Designer Bundle versions = 1.1...

CVE-2025-14502

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution...

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File Inclusion.This issue affects News & Blog Designer Pack: from n/a through = 4.0...

CVE-2023-5815

The News & Blog Designer Pack – WordPress Blog Plugin — Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdpgetmorepost...

CVE-2023-5815

The News & Blog Designer Pack WordPress plugin (

PT-2023-32349 · WordPress · The News & Blog Designer Pack

Name of the Vulnerable Software and Affected Versions: The News & Blog Designer Pack – WordPress Blog Plugin versions up to, and including, 3.4.1 Description: The issue is related to Remote Code Execution via Local File Inclusion. This is due to the bdp get more post function utilizing an unsafe...

CVE-2022-4792 News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2022-4792

CVE-2022-4792 affects the WordPress plugin “News & Blog Designer Pack” (pre-3.3). The flaw is improper validation/escaping of a shortcode attribute, enabling a user with at least contributor privileges to perform a Stored XSS attack. Impact is limited to data/JS execution via the vulnerable short...