CVE-2025-22305

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 98

Summary

CVE-2025-22305 is a filename manipulation vulnerability affecting WP OnlineSupport's Hero Banner Ultimate plugin. The issue resides in the plugin's handling of include/require statements, which can lead to PHP Local File Inclusion. attackers can exploit this vulnerability by supplying malicious filenames. This flaw impacts Hero Banner Ultimate from its unspecified initial version up to 1.4.2. Successful exploitation may allow an attacker to execute arbitrary PHP code on the vulnerable system. Users are advised to update their Hero Banner Ultimate plugin to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share