RadiusTheme Widget for Google Reviews 1.0.14 for WordPress

CPE Details

RadiusTheme Widget for Google Reviews 1.0.14 for WordPress
radiustheme
widget_for_google_reviews
1.0.14
2025-07-10
17h28 +00:00
2025-07-10
17h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:radiustheme:widget_for_google_reviews:1.0.14:*:*:*:*:wordpress:*:*

Informations

Vendor

radiustheme

Product

widget_for_google_reviews

Version

1.0.14

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-7327 2025-07-08 05h23 +00:00 The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.