Search criteria
1 vulnerability by liangshao
CVE-2025-14867 (GCVE-0-2025-14867)
Vulnerability from cvelistv5 – Published: 2026-01-07 06:36 – Updated: 2026-01-07 16:13
VLAI?
Title
Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal
Summary
The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| liangshao | Flashcard Plugin for WordPress |
Affected:
* , ≤ 0.9
(semver)
|
Credits
Bhumividh Treloges
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T14:51:14.580283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:13:36.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flashcard Plugin for WordPress",
"vendor": "liangshao",
"versions": [
{
"lessThanOrEqual": "0.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bhumividh Treloges"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the \u0027source\u0027 attribute of the \u0027flashcard\u0027 shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T06:36:04.362Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fcc6e5-1f90-41e7-8d5a-2bfe8cbf46fa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/flashcard/tags/0.9/flashcard.php?marks=73,109#L73"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-17T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-06T18:34:27.000+00:00",
"value": "Disclosed"
}
],
"title": "Flashcard Plugin for WordPress \u003c= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14867",
"datePublished": "2026-01-07T06:36:04.362Z",
"dateReserved": "2025-12-18T02:45:09.366Z",
"dateUpdated": "2026-01-07T16:13:36.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}