CVE-2025-0859: Wp Locate Template Path Traversal
Untrusted input is passed directly to `locate_template()`. This can lead to local file inclusion (LFI) or path traversal vulnerabilities, allowing an attacker to bypass constraints and access or execute files outside the intended template directory.
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2025-0859-wp-locate-template-path-traversal --engine opengrep
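The pattern the description refers to, next to an allowlist-based fix, as an added example (not the rule's own test case and not code from any affected project). It assumes WordPress is loaded; the `layout` query parameter, the `layouts/` directory and the `example_*` function names are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded (e.g. a theme's functions.php).
// The 'layout' parameter, layouts/ directory and example_* names are hypothetical.

// VULNERABLE: request data reaches locate_template() unchanged. Path segments such
// as "../" are resolved relative to the theme directory, and $load = true includes the file.
function example_render_layout_vulnerable() {
    $layout = isset( $_GET['layout'] ) ? wp_unslash( $_GET['layout'] ) : 'default';
    locate_template( 'layouts/' . $layout . '.php', true, false );
}

// HARDENED: the request only selects a key; the path always comes from a fixed map.
function example_resolve_layout( $requested ) {
    $allowed = array(
        'default' => 'layouts/default.php',
        'wide'    => 'layouts/wide.php',
        'compact' => 'layouts/compact.php',
    );
    // Non-string input (e.g. layout[]=x) and unknown keys fall back to the default.
    if ( ! is_string( $requested ) || ! isset( $allowed[ $requested ] ) ) {
        return $allowed['default'];
    }
    return $allowed[ $requested ];
}

function example_render_layout_hardened() {
    $requested = isset( $_GET['layout'] ) ? wp_unslash( $_GET['layout'] ) : 'default';
    $path      = locate_template( example_resolve_layout( $requested ), false ); // locate only
    $real      = $path ? realpath( $path ) : false;
    // Defence in depth: load the file only if it resolves inside the active theme or its parent.
    $roots = array( realpath( get_stylesheet_directory() ), realpath( get_template_directory() ) );
    foreach ( $roots as $root ) {
        if ( $real && $root && 0 === strpos( $real, $root . DIRECTORY_SEPARATOR ) ) {
            load_template( $real, false );
            return;
        }
    }
}
```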