CVE-2025-13070 in CSV to SortTable Plugininformation

Résumé (Anglaise)

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks.

Responsable

WPScan

Réserver

12/11/2025

Divulgation

09/12/2025

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
334936	CSV to SortTable Plugin Shortcode directory traversal	22	Non défini	Non défini	CVE-2025-13070

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!