Cyber Posture

CVE-2018-25329

HighPublic PoC

Published: 17 May 2026

Published
17 May 2026
Modified
18 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0003 8.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-25329 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability in Wordpress (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

NVD Description

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to…

more

access sensitive files like system configuration and credentials.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-98

Affected Products

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2024-56281Shared CWE-98
CVE-2025-58803Shared CWE-98
CVE-2025-58958Shared CWE-98
CVE-2026-27052Shared CWE-98
CVE-2026-28096Shared CWE-98
CVE-2026-32364Shared CWE-98
CVE-2025-67935Shared CWE-98
CVE-2025-49941Shared CWE-98
CVE-2025-69356Shared CWE-98
CVE-2026-27990Shared CWE-98

References