{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52728", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-19T10:02:39.647Z", "datePublished": "2025-08-14T10:34:02.317Z", "dateUpdated": "2026-04-01T15:56:11.503Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "responsive-posts-carousel-pro", "product": "Responsive Posts Carousel Pro", "vendor": "WebCodingPlace", "versions": [{"changes": [{"at": "15.1", "status": "unaffected"}], "lessThanOrEqual": "15.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:41:34.708Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.<p>This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.0.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.0."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:56:11.503Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/responsive-posts-carousel-pro/vulnerability/wordpress-responsive-posts-carousel-wordpress-plugin-plugin-15-0-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T18:53:06.545717Z", "id": "CVE-2025-52728", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T18:53:44.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52728", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-14T18:53:06.545717Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T18:53:18.135Z"}}], "cna": {"title": "WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WebCodingPlace", "product": "Responsive Posts Carousel WordPress Plugin", "versions": [{"status": "affected", "changes": [{"at": "15.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "15.0"}], "packageName": "responsive-posts-carousel-pro", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Responsive Posts Carousel WordPress Plugin plugin to the latest available version (at least 15.1).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Responsive Posts Carousel WordPress Plugin plugin to the latest available version (at least 15.1).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/responsive-posts-carousel-pro/vulnerability/wordpress-responsive-posts-carousel-wordpress-plugin-plugin-15-0-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion.</p><p>This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-08-14T10:34:02.317Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52728", "state": "PUBLISHED", "dateUpdated": "2025-08-14T18:53:44.352Z", "dateReserved": "2025-06-19T10:02:39.647Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-08-14T10:34:02.317Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.0."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en un programa PHP ('Inclusi\u00f3n remota de archivos PHP') en el complemento WebCodingPlace Responsive Posts Carousel para Wordpress permite la inclusi\u00f3n local de archivos PHP. Este problema afecta al complemento de WordPress WebCodingPlace Responsive Posts Carousel desde n/d hasta la versi\u00f3n 15.0."}], "id": "CVE-2025-52728", "lastModified": "2026-04-01T17:25:38.310", "metrics": {}, "published": "2025-08-14T11:15:42.410", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/responsive-posts-carousel-pro/vulnerability/wordpress-responsive-posts-carousel-wordpress-plugin-plugin-15-0-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-08-16T21:41:22.038469+00:00", "updated": "2025-08-16T21:41:22.038523+00:00", "vendors": ["webcodingplace", "webcodingplace$PRODUCT$responsive_posts_carousel_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}