Vulnerability DatabaseCVE-2025-24733

CVE-2025-24733:
WordPress vulnerability analysis and mitigation

Overview

CVE-2025-24733 is a Local File Inclusion vulnerability discovered in AddonMaster Post Grid Master plugin affecting versions through 3.4.12. The vulnerability was disclosed on January 24, 2025, and is classified as a PHP Remote File Inclusion vulnerability, specifically an Improper Control of Filename for Include/Require Statement in PHP Program (NVD, Patchstack).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue is tracked under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program) (Patchstack).

Impact

This vulnerability could allow a malicious actor to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could potentially be exposed, leading to a complete database compromise depending on the system configuration (Patchstack).

Mitigation and workarounds

Users are advised to update to version 3.4.13 or later to remediate this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).