CVE-2025-12824 | Player Leaderboard Plugin up to 1.0.0/1.0.2 on WordPress Shortcode player_leaderboard mode file inclusion

December 11, 2025 Yanac

A vulnerability was found in Player Leaderboard Plugin up to 1.0.0/1.0.2 on WordPress. It has been rated as critical. Affected is the function player_leaderboard of the component Shortcode Handler. Performing manipulation of the argument mode results in file inclusion.

This vulnerability is known as CVE-2025-12824. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More