CVE-2018-25329 HIGH

CVE-2018-25329: WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

Vendor Wp-With-Spritz

Product WP with Spritz

Weakness CWE-98 · PHP file inclusion

Published May 17, 2026

Last update May 18, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials.

Key dates

Disclosure timeline

May 17, 2026 CVE published

May 18, 2026 Record updated