CVE-2025-39429 HIGH

CVE-2025-39429: WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion vulnerability

Vendor Földesi, Mihály
Product Széchenyi 2020 Logo
Weakness CWE-98 · PHP file inclusion
Published April 17, 2025
Last update April 28, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo szechenyi-2020-logo allows PHP Local File Inclusion.This issue affects Széchenyi 2020 Logo: from n/a through <= 1.1.

Explanation of Vulnerability in Simple Terms

02Summary

The Széchenyi 2020 Logo product versions 1.1 and earlier contain a vulnerability that allows an attacker to read sensitive information, modify data, or disrupt service. The attack requires network access and user interaction, such as clicking a malicious link. The exact nature of the vulnerability is unclear due to incomplete technical classification.

What an attacker can do

03Attacker Capabilities

Read sensitive data, modify content, or disrupt the site's availability if a user clicks a malicious link.

Potential impact on your site

04Site Impact

If your site uses this product, users could be tricked into compromising data or availability.

Conditions required to exploit

05Prerequisites

Network access and user interaction (victim must click a link or visit a page).

Key dates

06Disclosure timeline

April 17, 2025 CVE published
April 28, 2026 Record updated

Related vulnerabilities

08Related CVE