First published: Wed Mar 26 2025(Updated: )
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
NotFound Docpro | >=n/a<=2.0.1 | |
WordPress Docpro plugin | <=2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-28916 is classified as a high severity vulnerability due to its potential for local file inclusion attacks.
To fix CVE-2025-28916, update NotFound Docpro to version 2.0.2 or higher.
CVE-2025-28916 affects NotFound Docpro from version n/a up to 2.0.1 inclusive.
CVE-2025-28916 is an improper control of filename for include/require statement vulnerability leading to PHP remote file inclusion.
Yes, the WordPress Docpro plugin is affected by CVE-2025-28916 up to version 2.0.1.