CVE-2025-31015

{"id": "CVE-2025-31015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-04-11T09:15:19.593", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/mailhawk/vulnerability/wordpress-wordpress-smtp-service-email-delivery-solved-mailhawk-1-3-1-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-98"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: from n/a through <= 1.3.1."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n de archivo remoto PHP') en Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: desde n/a hasta 1.3.1."}], "lastModified": "2026-04-23T15:27:32.063", "sourceIdentifier": "audit@patchstack.com"}