{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6715", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-06-26T13:15:47.093Z", "datePublished": "2025-08-13T06:00:02.587Z", "dateUpdated": "2025-08-13T16:02:40.135Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-13T06:00:02.587Z"}, "title": "Latepoint < 5.1.94 - Unauthenticated LFI", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "LatePoint", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "5.1.94"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files."}], "references": [{"url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "wesley (wcraft)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"references": [{"url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T15:55:07.088212Z", "id": "CVE-2025-6715", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T16:02:40.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-6715", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T15:55:07.088212Z"}}}], "references": [{"url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T14:03:25.278Z"}}], "cna": {"title": "Latepoint < 5.1.94 - Unauthenticated LFI", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "wesley (wcraft)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "LatePoint", "versions": [{"status": "affected", "version": "0", "lessThan": "5.1.94", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-08-13T06:00:02.587Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6715", "state": "PUBLISHED", "dateUpdated": "2025-08-13T16:02:40.135Z", "dateReserved": "2025-06-26T13:15:47.093Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-08-13T06:00:02.587Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files."}, {"lang": "es", "value": "El complemento LatePoint para WordPress anterior a la versi\u00f3n 5.1.94 es vulnerable a la inclusi\u00f3n de archivos locales mediante el par\u00e1metro layout. Esto permite a los atacantes incluir y ejecutar archivos PHP en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en dichos archivos."}], "id": "CVE-2025-6715", "lastModified": "2025-08-13T17:33:46.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-13T06:15:26.537", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://wpscan.com/vulnerability/357aba51-b65e-4691-864b-fef1c78a9362/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Awaiting Analysis"}

{}