cleantalk
Vulnerabilities and Security Researches

Post Slides, CVE-2025-15491

CVE, Research URL

CVE-2025-15491

Home page URL

Security reports for Post Slides

Application

Post Slides

Published on
Feb 07, 2026
Research Description
The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks
Affected versions
max 1.0.1.
Status
vulnerable
Previous vulnerability researches
Coming Soon Page & Maintenance Mode (CVE-2019-25139) , Jun 10, 2024
Coming Soon Page & Maintenance Mode (fd9c668cc0f17388cd919046a5f290722fd40062) , Jun 11, 2024
Coming Soon Page & Maintenance Mode (CVE-2019-25140) , Jun 10, 2024
Coming Soon Page & Maintenance Mode (CVE-2024-1136) , Jun 10, 2024
Coming Soon Page – Responsive Coming Soon & Maintenance Mode (CVE-2018-5664) , Jun 07, 2024
New vulnerability
ElementInvader Addons for Elementor (CVE-2026-25028) , Feb 27, 2026
SportsPress – Sports Club & League Manager (CVE-2025-15368) , Feb 27, 2026
Addonify – WooCommerce Wishlist (CVE-2025-68024) , Feb 27, 2026
Cool Tag Cloud (CVE-2025-69011) , Feb 27, 2026
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026