PHP File Inclusion Vulnerability in WordPress

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

PHP File Inclusion Vulnerability in WordPress

CVE-2025-59819

Summary

A security issue in WordPress allows hackers who have logged in to your site to view any file on your server. This means they can access sensitive information, such as configuration files or user data. To protect your site, update to the latest version of WordPress or apply a patch if available.

Original title

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.

Original description

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.

nvd CVSS3.1 6.5

Vulnerability type

CWE-22 Path Traversal

https://wiki.zenitel.com/wiki/AlphaCom_13.02_-_Release_Notes
https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Secur...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026