cleantalk
Vulnerabilities and Security Researches

Post Slides, CVE-2025-15491

CVE, Research URL

CVE-2025-15491

Home page URL

Security reports for Post Slides

Application

Post Slides

Published on
Feb 07, 2026
Research Description
The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks
Affected versions
max 1.0.1.
Status
vulnerable
Previous vulnerability researches
Post Slides (CVE-2025-15491) , Feb 27, 2026
New vulnerability
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026