Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2018-25329: WordPress Plugin WP with Spritz 1.0 allows unauthorized access to files
CVE-2018-25329
Summary
A security flaw in the WordPress Plugin WP with Spritz 1.0 allows anyone to access sensitive files on your website without needing a password. This could potentially expose important information like your website's settings and login credentials. To fix this, update the plugin to the latest version or remove it if possible.
Original title
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Atta...
Original description
WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026