WordPress BeeTeam368 Extensions Plugin

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4.

AI Analysis

A Local File Inclusion vulnerability in BeeTeam368 Extensions plugin for WordPress allows attackers to include arbitrary files from the server, potentially leading to remote code execution or sensitive data disclosure.

Basic Information

ID CVE-2025-25174

Source Patchstack

Published Aug 14, 2025 at 10:34

Affected Product

Vendor beeteam368

Product BeeTeam368 Extensions

Version n/a

Affected Versions beeteam368 BeeTeam368 Extensions n/a

CWE Classification

CWE-98

AI Assessment

AI Score 10 / 10

AI Severity CRITICAL

Vendor BeeTeam368

Product BeeTeam368 Extensions

Version <=1.9.4

References

patchstack.com /database/wordpress/plugin/beeteam368-extensions/vulnerability/wordpress-beeteam368-extensions-plugin-1-9-4-local-file-inclusion-vulnerability

{
    "lastseen": "",
    "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4.",
    "published": "2025-08-14T10:34:35.115Z",
    "modified": "2025-08-14T10:34:35.115Z",
    "type": "cve",
    "title": "WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/beeteam368-extensions/vulnerability/wordpress-beeteam368-extensions-plugin-1-9-4-local-file-inclusion-vulnerability?_s_id=cve",
    "id": "CVE-2025-25174",
    "bulletinFamily": "",
    "cwe": [
        "CWE-98"
    ],
    "cvelist": null,
    "sourceData": "beeteam368 BeeTeam368 Extensions n/a",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BeeTeam368 Extensions",
    "version": "n/a",
    "vendor": "beeteam368",
    "ai_description": "A Local File Inclusion vulnerability in BeeTeam368 Extensions plugin for WordPress allows attackers to include arbitrary files from the server, potentially leading to remote code execution or sensitive data disclosure.",
    "ai_severity": "CRITICAL",
    "ai_vendor": "BeeTeam368",
    "ai_product": "BeeTeam368 Extensions",
    "ai_version": "<=1.9.4",
    "ai_score": 10
}

WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability_CVE-2025-25174