- Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion. This issue affects Hide My WP Ghost: from n/a through 5.4.01.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-98
- Hype score
- Not currently trending
#exploit 1. CVE-2024-55963: Unauth RCE in Default-Install of Appsmith https://t.co/19DZTAmc23 2. CVE-2025-26909: LFI to RCE in WP Ghost Plugin https://t.co/hjBJcDtF4a 3. CVE-2025-27840: Vulnerability in ESP32 Microcontrollers https://t.co/i9iGGZfYTc
@ksg93rd
31 Mar 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-26909: CRITICAL] Vulnerability in Hide My WP Ghost plugin allows PHP Remote File Inclusion exploit, affecting versions from n/a to 5.4.01. Ensure cyber security measures are in place. #cybersecurity, #vulnerability https://t.co/l681x4mtvx https://t.co/gWquKV0jVy
@CveFindCom
27 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
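A serious vulnerability (CVE-2025-26909, CVSS 9.6) has been discovered in the popular WordPress security plugin "WP Ghost". An LFI vulnerability that loads arbitrary files without authentication makes remote code execution (RCE) possible. More than 200,000 sites are affected. https://t.co/DGp4NWNH4P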
@yousukezan
24 Mar 2025
3369 Impressions
14 Retweets
47 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 Critical WordPress vulnerability detected! Over 200,000 sites using the WP Ghost plugin are at risk due to a flaw (CVE-2025-26909) that allows unauthenticated remote code execution. Hackers can exploit this to take control of websites. #Darkweb https://t.co/ZF7G3lwRdM https://
@godeepweb
24 Mar 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE vulnerability in the popular WordPress security plugin "WP Ghost", affecting 200,000 sites (CVE-2025-26909) #セキュリティ対策Lab #セキュリティ #Security https://t.co/331htojFVZ
@securityLab_jp
24 Mar 2025
57 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
WP Ghost, a popular WordPress security plugin, has a critical vulnerability (CVE-2025-26909) in versions up to 5.4.01, allowing remote code execution. Users should update to 5.4.02 or 5.4.03 to fix it. #Security https://t.co/b9xshf7Awf
@Strivehawk
20 Mar 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 The WordPress security plugin WP Ghost is vulnerable to a critical-severity flaw that could allow remote code execution and server hijacking. The flaw (CVE-2025-26909) is due to insufficient input validation in the "showFile()" function. 🧉
@MarquisioX
20 Mar 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
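A critical vulnerability in WP Ghost, a WordPress security plugin used by more than 200,000 sites. CVE-2025-26909 has a CVSS score of 9.6. It is an unauthenticated LFI vulnerability, and remote code execution is possible in most environments. A fixed version is available. https://t.co/vn7dyUL7n5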
@__kokumoto
20 Mar 2025
918 Impressions
2 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Understanding and Mitigating the CVE-2025-26909 Vulnerability in WP Ghost Plugin https://t.co/Qh5om9lBpQ #cve202526909 #wpghost #wordpresssecurity #cybersecurity #vulnerability
@DefendOpsHQ
20 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes