Reconnecting to live updates…

CVE-2025-15491: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Post Slides

Unknown

VulnerabilityCVE-2025-15491cve cve-2025-15491 cwe-22

Published: Sat Feb 07 2026 (02/07/2026, 06:00:06 UTC)

Source: CVE Database V5

Product: Post Slides

Description

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks

Technical Details

Data Version: 5.2
Assigner Short Name: WPScan
Date Reserved: 2026-01-08T18:41:43.510Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6986d86df9fa50a62ff27dca

Added to database: 2/7/2026, 6:15:09 AM

Last updated: 2/7/2026, 6:15:28 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-15267: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

Medium

VulnerabilitySat Feb 07 2026

CVE-2025-13463: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

Medium

VulnerabilitySat Feb 07 2026

CVE-2025-12803: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in boldthemes Bold Page Builder

Medium

VulnerabilitySat Feb 07 2026

CVE-2025-12159: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

Medium

VulnerabilitySat Feb 07 2026

CVE-2026-2075: Improper Access Controls in yeqifu warehouse

Medium

VulnerabilitySat Feb 07 2026

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

CVE-2025-15491: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Post Slides

CVE-2025-15491: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Post Slides

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-15267: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

CVE-2025-13463: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

CVE-2025-12803: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in boldthemes Bold Page Builder

CVE-2025-12159: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder

CVE-2026-2075: Improper Access Controls in yeqifu warehouse

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility