Latepoint < 5.1.94 - Unauthenticated LFI_CVE-2025-6715

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

Basic Information

ID CVE-2025-6715

Source WPScan

Published Aug 13, 2025 at 06:00

Modified Aug 13, 2025 at 16:02

Affected Product

Vendor Unknown

Product LatePoint

Affected Versions Unknown LatePoint 0

CWE Classification

References

wpscan.com /vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/

{
    "lastseen": "",
    "description": "The LatePoint  WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.",
    "published": "2025-08-13T06:00:02.587Z",
    "modified": "2025-08-13T16:02:40.135Z",
    "type": "cve",
    "title": "Latepoint < 5.1.94 - Unauthenticated LFI",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/",
    "id": "CVE-2025-6715",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown LatePoint 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LatePoint",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}