资产安全
商业安全
安全服务
返回- 漏洞ID:
- 漏洞类型:路径遍历
- 发布日期:2026-01-17 00:00:00
- 更新时间:2026-01-19 00:00:00
- CVE编号:CVE-2025-13725
- CNNVD-ID:CNNVD-202601-2933
- 漏洞平台:X-Ways
- CVSS评分:
暂无
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor 1.0.1及之前版本存在路径遍历漏洞,该漏洞源于路径验证不足,可能导致经过身份验证的攻击者通过iconSVG参数读取服务器上的任意文件内容。
来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/thim-blocks/tags/1.0.1/inc/Gutenberg/Blocks/Icon/IconBlockType.php#L92 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/thim-blocks/tags/1.0.1/inc/Gutenberg/Blocks/Icon/IconBlockType.php#L97 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/thim-blocks/trunk/inc/Gutenberg/Blocks/Icon/IconBlockType.php#L92 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/thim-blocks/trunk/inc/Gutenberg/Blocks/Icon/IconBlockType.php#L97 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3419638%40thim-blocks&new=3419638%40thim-blocks&sfp_email=&sfph_mail= 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3424998%40thim-blocks&new=3424998%40thim-blocks&sfp_email=&sfph_mail= 来源:www.wordfence.com 链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/80de464f-a4b0-4aaf-8869-f8d29a422bdb?source=cve 来源:access.redhat.com 链接:https://access.redhat.com/security/cve/cve-2025-13725
微信扫码关注公众号
