High severity · 8.8 · NVD Advisory · Published Sep 23, 2025 · Updated Apr 15, 2026
CVE-2025-10380
Description
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Model panel. This makes it possible for authenticated attackers, with author-level access or higher, to execute arbitrary PHP code and commands on the server.
Affected products (2)
- Range: <=3.7.19