CVE-2025-31015: 
WordPress vulnerability analysis and mitigation

CVE-2025-31015 is a Local File Inclusion vulnerability affecting the WordPress SMTP Service, Email Delivery Solved! — MailHawk plugin through version 1.3.1. The vulnerability was discovered by Nguyen Xuan Chien and was publicly disclosed on April 9, 2025 (Patchstack Database).

The vulnerability is classified as an Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability (CWE-98). It has been assigned a CVSS v3.1 score of 7.5 (High) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD Database).

This vulnerability could allow an attacker to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could potentially be exposed, leading to complete database compromise depending on the system configuration (Patchstack Database).

Users are advised to update to version 1.3.2 or later to resolve the vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update can be applied (Patchstack Database).