Skip to main content

Tourmaster

1 CVEs product

Monthly

CVE-2025-69133 HIGH This Week

Local File Inclusion in the GoodLayers Tourmaster WordPress plugin (versions <= 5.4.5) allows low-privileged authenticated users at the Subscriber level to include and read arbitrary local files from the server, exposing sensitive data such as configuration files and credentials. Reported through Patchstack and mapped to CWE-98, the flaw carries a CVSS 7.5 (High) score with high attack complexity; no public exploit code has been identified at time of analysis, and it is not listed in CISA KEV.

LFI Information Disclosure PHP Tourmaster
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in the GoodLayers Tourmaster WordPress plugin (versions <= 5.4.5) allows low-privileged authenticated users at the Subscriber level to include and read arbitrary local files from the server, exposing sensitive data such as configuration files and credentials. Reported through Patchstack and mapped to CWE-98, the flaw carries a CVSS 7.5 (High) score with high attack complexity; no public exploit code has been identified at time of analysis, and it is not listed in CISA KEV.

LFI Information Disclosure PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy