Skip to main content
CVE-2025-64284 HIGH This Week

Local file inclusion in Majestic Support WordPress plugin versions ≤1.0.7 allows authenticated attackers with low-level privileges to include arbitrary PHP files from the server filesystem via improper filename control in include/require statements. With CVSS 7.5 (High), the vulnerability requires high attack complexity but can lead to complete confidentiality, integrity, and availability compromise. EPSS score of 0.10% (28th percentile) suggests low probability of mass exploitation. No public exploit code identified and not present in CISA KEV at time of analysis, though Patchstack tracking indicates vendor awareness.

PHP LFI File Upload
NVD
CVSS 3.1
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy