← volver
CVE-2025-15020

Gotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode

CVSS 6.5 MEDIUMEPSS 0.3%CWE-22
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
gothamdev · Gotham Block Extra Light

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/browser/gotham-block-extra-light/trunk/premium/ghostban.php?marks=56#L56https://plugins.trac.wordpress.org/changeset/3438393/https://www.wordfence.com/threat-intel/vulnerabilities/id/b194b241-d8f4-430c-b00c-d84190026bad?source=cve