CVE-2025-47672

May 23, 2025 invoker category_cve

CVE Details

Basic Information

Title	CVE-2025-47672
Type	cve
Published	2025-05-23T13:15:42
Last Seen	2025-05-23T13:56:10

CVSS Information

Base Score	8.1 (HIGH)
Attack Vector	NETWORK
Attack Complexity	HIGH
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

AI Analysis

AI Description	This vulnerability allows an attacker to perform PHP Local File Inclusion due to improper filename control in the miniOrange Discord Integration plugin. This could enable access to sensitive files on the server, potentially leading to data breaches or code execution.
AI Severity	High
Vendor	WordPress Community
Product	miniOrange Discord Integration
Affected Version	up to 2.2.2

Additional Information

CVE List	CVE-2025-47672
CWE List	CWE-98
Bulletin Family	cve

Description

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a through 2.2.2.

CVSS Score Summary

Base Score: %!f(string=#) (HIGH)

View Full CVE Details