Description

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.

INFO

Published Date :

2025-11-14T06:00:09.051Z

Last Modified :

2025-11-14T15:08:08.868Z

Source :

WPScan
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10686 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10686.

URL Resource
https://wpscan.com/vulnerability/27d58c5a-ab87-41aa-a806-53fa96d4351c/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System