CVE-2025-67525 | Opal_WP ekommart Plugin up to 4.3.1 on WordPress filename control

A vulnerability categorized as critical has been discovered in Opal_WP ekommart Plugin up to 4.3.1 on WordPress. This impacts an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is listed as CVE-2025-67525. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More