CVE-2025-23952
CVE-2025-23952 describes an Unvalidated Filename handling flaw in WordPress plugin Custom Field List Widget (ntm custom-field-list-widget) that allows Local File Inclusion via PHP include/require. Affected: custom-field-list-widget versions