CVE-2025-13886
📋 TL;DR
The LT Unleashed WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server. This can lead to remote code execution, data theft, or privilege escalation. All WordPress sites using LT Unleashed version 1.1.1 or earlier are affected.
💻 Affected Systems
- LT Unleashed WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, sensitive file disclosure (including wp-config.php with database credentials), and complete site takeover.
Likely Case
Unauthorized file access leading to sensitive data exposure, privilege escalation to administrator, or backdoor installation.
If Mitigated
Limited impact if proper file permissions restrict PHP execution and wp-config.php is properly secured.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via the 'template' parameter in the book shortcode.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/lt-unleashed
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find LT Unleashed and click 'Update Now'. 4. Verify version is 1.1.2 or higher.
🔧 Temporary Workarounds
Disable LT Unleashed Plugin
allTemporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate lt-unleashed
Restrict User Roles
allRemove Contributor and higher roles from untrusted users.
🧯 If You Can't Patch
- Remove the LT Unleashed plugin entirely from the WordPress installation.
- Implement web application firewall rules to block requests containing 'template' parameter in book shortcode.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for LT Unleashed version 1.1.1 or earlier.Check Version:
wp plugin get lt-unleashed --field=versionVerify Fix Applied:
Confirm LT Unleashed version is 1.1.2 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'template' parameter with file paths in book shortcode
- Unusual file inclusion attempts in WordPress debug logs
Network Indicators:
- POST/GET requests to WordPress with 'template' parameter containing path traversal sequences
SIEM Query:
source="wordpress_access.log" AND ("template=" AND ("../" OR "/etc/" OR "wp-config"))🔗 References
- https://plugins.trac.wordpress.org/browser/lt-unleashed/tags/1.1.1/lt-unleashed.php#L315
- https://plugins.trac.wordpress.org/browser/lt-unleashed/trunk/lt-unleashed.php#L241
- https://plugins.trac.wordpress.org/browser/lt-unleashed/trunk/lt-unleashed.php#L315
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c72099cc-e70a-4afe-92c0-8f9f8c1e91b7?source=cve
