Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
WordPress security plugin WP Ghost vulnerable to remote code execution bug
Malware and Vulnerabilities
March 21, 2025
Bleeping Computer
The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths.
Read More
WordPress
Wordpress Sites
WP Ghost
Remote Code Execution (RCE)
server hijacking
Publisher
Previous
Fake Semrush Ads Used to Steal SEO Professionals’ Googl ...
Identity Theft, Fraud, Scams
Next
VSCode Extensions Found Downloading Early-Stage Ransomw ...
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/image_bank/18e4_shutterstock_2234397733.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/5ef0_shutterstock_1503980525.jpg)
