Untriaged
Permalink
CVE-2025-28916
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.
References
Affected products
docpro
- =<2.0.1
Matching in nixpkgs
pkgs.python312Packages.jupyter-docprovider
JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models
-
nixos-unstable -
- nixpkgs-unstable 2.1.1
pkgs.python313Packages.jupyter-docprovider
JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models
-
nixos-unstable -
- nixpkgs-unstable 2.1.1
Package maintainers
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@thomasjm Tom McLaughlin <tom@codedown.io>