High severity7.5NVD Advisory· Published May 17, 2026

CVE-2018-25329

Description

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access sensitive files like system configuration and credentials.

Affected products

WordPress/Wp With Spritzinferred
Range: = 1.0
Package: https://wordpress.org/plugins/wp-with-spritz

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.wordpress.org/plugin/wp-with-spritz.zipnvd
www.exploit-db.com/exploits/44544nvd
www.vulncheck.com/advisories/wordpress-plugin-wp-with-spritz-remote-file-inclusionnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000