SolverWp Eleblog Allows Malicious Files to Be Injected into WordPress

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

SolverWp Eleblog Allows Malicious Files to Be Injected into WordPress

CVE-2025-69374

Summary

A security flaw in SolverWp Eleblog's Elementor Blog And Magazine Addons allows attackers to inject malicious PHP code into the WordPress site. This can lead to unauthorized access to sensitive data and potentially compromise the entire site. Update to version 2.0.4 or later to fix the issue.

Original title

Original description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through <= 2.0.3.

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Plugin/ele-blog/vulnerability/wordpres...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026