Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26909

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.

Published

2025-03-27T16:15:30.400

Last Modified

2025-06-25T20:47:07.753

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Secondary
CWE-98

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wpplugins	hide_my_wp_ghost	< 5.4.02	Yes

References

https://patchstack.com/database/wordpress/plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-5-4-01-local-file-inclusion-to-rce-vulnerability?_s_id=cve Third Party Advisory ([email protected])