Vulnerabilities and security researches forerr-our-team err-our-team

Aug 16, 2025

CVE, Research URL: CVE-2025-8905
Home page URL: Security reports for Inpersttion For Theme
Application: Inpersttion For Theme
Date: Aug 15, 2025
Research Description: The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters.
Affected versions: Min -, max -.
Status: vulnerable