What the vulnerability does
01Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.3.15.
Explanation of Vulnerability in Simple Terms
02Summary
Testimonial Slider And Showcase Pro versions up to 2.3.15 contain a vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service. The vulnerability requires specific network conditions to exploit but does not require user interaction. Site administrators should update immediately to a version newer than 2.3.15.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or cause the site to become unavailable without needing to log in.
Potential impact on your site
04Site Impact
Your site's data and functionality could be compromised without warning or authentication.
Conditions required to exploit
05Prerequisites
Network access to the site; specific attack complexity conditions must be met.
Key dates
06Disclosure timeline
April 11, 2025
CVE published
May 12, 2026
Record updated