CVE-2025-32656 HIGH

CVE-2025-32656: WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability

Vendor Radiustheme
Product Testimonial Slider And Showcase Pro
Weakness CWE-98 · PHP file inclusion
Published April 11, 2025
Last update May 12, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.3.15.

Explanation of Vulnerability in Simple Terms

02Summary

Testimonial Slider And Showcase Pro versions up to 2.3.15 contain a vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service. The vulnerability requires specific network conditions to exploit but does not require user interaction. Site administrators should update immediately to a version newer than 2.3.15.

What an attacker can do

03Attacker Capabilities

Read sensitive data, modify site content, or cause the site to become unavailable without needing to log in.

Potential impact on your site

04Site Impact

Your site's data and functionality could be compromised without warning or authentication.

Conditions required to exploit

05Prerequisites

Network access to the site; specific attack complexity conditions must be met.

Key dates

06Disclosure timeline

April 11, 2025 CVE published
May 12, 2026 Record updated