cleantalk
Vulnerabilities and Security Researches

Ghost Kit – Page Builder Blocks & Extensions, CVE-2025-53567

CVE, Research URL

CVE-2025-53567

Home page URL

Security reports for Ghost Kit – Page Builder Blocks & Extensions

Application

Ghost Kit – Page Builder Blocks & Extensions

Published on
Aug 20, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through <= 3.4.1.
Affected versions
max 3.4.2.
Status
vulnerable
Previous vulnerability researches
Ghost Kit – Page Builder Blocks &amp; Extensions (CVE-2025-9992) , Apr 23, 2026
Ghost Kit – Page Builder Blocks &amp; Extensions (CVE-2025-53567) , Jul 20, 2025
New vulnerability
Portfolio Gallery, Product Catalog &#8211; Grid KIT Portfolio (CVE-2025-5092) , Apr 24, 2026
Media Library Assistant (CVE-2025-59590) , Apr 24, 2026
Beaver Builder &#8211; WordPress Page Builder (CVE-2025-8897) , Apr 24, 2026
Real Estate Pro (CVE-2026-1845) , Apr 24, 2026
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic (CVE-2025-58650) , Apr 23, 2026