CVE-2025-15491

MEDIUM 5.5

Post Slides <= 1.0.1 - Contributor+ Local File Inclusion

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

4th

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks

Vendor	unknown
Product	post slides
Published	Feb 7, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown post slides

Be the first to know when new medium vulnerabilities affecting unknown post slides are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Post Slides

0 ≤ 1.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/eb0424cc-e60c-44a5-aa24-cd1fe042b27a/

Credits

Khaled Alenazi (Nxploited) WPScan