First published: Thu Mar 27 2025(Updated: )
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hide My WP Ghost | >n/a<=5.4.01 | |
Hide My WP | <=5.4.01 |
Update the WordPress Hide My WP Ghost plugin to the latest available version (at least 5.4.02).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26909 is classified as a high-severity vulnerability due to its potential for remote code execution.
To fix CVE-2025-26909, update the Hide My WP Ghost plugin to version 5.4.02 or later.
CVE-2025-26909 is an Improper Control of Filename for Include/Require Statement vulnerability, specifically leading to PHP Local File Inclusion.
CVE-2025-26909 affects Hide My WP Ghost from n/a up to and including version 5.4.01.
Exploiting CVE-2025-26909 can lead to unauthorized remote access and execution of arbitrary code on the affected server.