CVE-2025-9990 in Helpdesk Integration Pluginالمعلومات

الملخص

بحسب MITRE • 05/09/2025

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

05/09/2025

الاعتدال

تمت الموافقة

إدخال

VDB-322706

CPE

جاهز

CWE

CWE-73 (مؤكد)

CVSS

8.1 (CNA)

EPSS

0.00437

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9990
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9990
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9990/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!