CVE-2025-32585: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability has been identified in Trusty Plugins Shop Products Filter (CVE-2025-32585), affecting versions through 1.2. The vulnerability was discovered and reported by LVT-tholv2k on December 28, 2024, and was publicly disclosed on April 11, 2025. This security flaw allows PHP Local File Inclusion in the Shop Products Filter plugin (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness is categorized as CWE-35 (Path Traversal: '.../...//'), indicating a path traversal vulnerability that could allow unauthorized access to files outside the intended directory structure (Patchstack).

The vulnerability allows malicious actors to include local files of the target website and display their contents. This could potentially expose sensitive information, including database credentials, which might lead to complete database compromise depending on the system configuration. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (Patchstack).

No official fix is currently available for this vulnerability. Security experts recommend either removing and replacing the software or implementing virtual patching through security solutions. Deactivating the software alone does not remove the security threat unless additional protective measures are implemented (Patchstack).