CVE-2025-15491

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

07/02/2026

Last modified:

07/02/2026

Description

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/eb0424cc-e60c-44a5-aa24-cd1fe042b27a/