VYPR
Medium severity4.3NVD Advisory· Published May 22, 2025· Updated Jun 17, 2026

CVE-2025-4419

CVE-2025-4419

Description

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • WordPress/Hot Random Imagellm-fuzzy2 versions
    <=1.9.2+ 1 more
    • (no CPE)range: <=1.9.2
    • (no CPE)
  • hotwptemplates/Hot Random Imagev5
    Range: 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.