CVE-2025-68064 | Everthemess Goya Core Plugin prior 1.0.9.4 on WordPress filename control
摘要
A vulnerability was found in <a href="https://vuldb.com/product/everthemess:goya_core_plugin">Everthemess Goya Core Plugin</a> on WordPress. It has been rated as <a href="https://vuldb.com/kb/risk">problematic</a>. This impacts an unknown function. This manipulation causes improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is registered as <a href="https://vuldb.com/cve/CVE-2025-68064">CVE-2025-68064</a>. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
标签
- CVE-2025-68064
扩展字段
{
"raw_pub_date": "Fri, 26 Jun 2026 18:27:15 +0200"
}