5 matches found

RedhatCVE
added 2025/12/24 9:39 a.m., 3 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8 | AI score 6.4 | EPSS 0.00181
Exploits: 0 | References: 1
EUVD
added 2025/12/23 12:30 p.m., 4 views

EUVD-2025-204781

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 7
CVE
added 2025/12/23 9:20 a.m., 10 views

CVE-2025-14388

CVE-2025-14388 (PhastPress) is a WordPress plugin vulnerability: unauthenticated arbitrary file read via a null-byte injection. Root cause is a mismatch between URL decoding in getExtensionForURL() and null-byte stripping in appendNormalized(), enabling a crafted path to access sensitive files li...

CVSS 9.8 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/22 6:23 p.m., 6 views

CVE-2021-24210

There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...

CVSS 6.1 | AI score 6.5 | EPSS 0.35382
Exploits: 2 | References: 1
CNNVD
added 2021/04/05 12:0 a.m., 5 views

WordPress Input Validation Error Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the...

CVSS 6.1 | AI score 6.3 | EPSS 0.35382
Exploits: 2 | References: 3