CVE-2025-30890

{"id": "CVE-2025-30890", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-03-27T11:15:49.920", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/login-widget-for-ultimate-member/vulnerability/wordpress-login-widget-for-ultimate-member-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-98"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2."}, {"lang": "es", "value": "La vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos en PHP') en SuitePlugins Login Widget for Ultimate Member permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta al widget de inicio de sesi\u00f3n de Ultimate Member desde n/d hasta la versi\u00f3n 1.1.2."}], "lastModified": "2025-03-27T16:45:12.210", "sourceIdentifier": "audit@patchstack.com"}