Vulnerabilities and security researches foradd-custom-page-template add-custom-page-template

Apr 27, 2025

CVE, Research URL: CVE-2025-3491
Home page URL: Security reports for Add custom page template
Application: Add custom page template
Date: Apr 26, 2025
Research Description: The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
Affected versions: Min -, max -.
Status: vulnerable