CVE Details
Basic Information
| Title |
CVE-2025-47670 |
| Type |
cve |
| Published |
2025-05-23T13:15:42 |
| Last Seen |
2025-05-23T13:56:08 |
CVSS Information
| Base Score |
8.1 (HIGH) |
| Attack Vector |
NETWORK |
| Attack Complexity |
HIGH |
| Privileges Required |
NONE |
| User Interaction |
NONE |
| Scope |
UNCHANGED |
| Confidentiality Impact |
HIGH |
| Integrity Impact |
HIGH |
| Availability Impact |
HIGH |
AI Analysis
| AI Description |
A PHP Remote File Inclusion vulnerability in the miniOrange WordPress Social Login and Register plugin allows attackers to execute arbitrary PHP code remotely. This affects versions up to 7.6.10 and poses a high risk due to potential unauthorized access and code execution. |
| AI Severity |
High |
| Vendor |
WordPress Community |
| Product |
miniOrange WordPress Social Login and Register |
| Affected Version |
n/a through 7.6.10 |
Additional Information
| CVE List |
CVE-2025-47670 |
| CWE List |
CWE-98 |
| Bulletin Family |
cve |
Description
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through 7.6.10.
CVSS Score Summary
Base Score: %!f(string=#) (HIGH)
View Full CVE Details
