High severity7.2NVD Advisory· Published Nov 14, 2025· Updated Apr 15, 2026
CVE-2025-10686
CVE-2025-10686
Description
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.2.4
- Range: <1.2.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.