CVE-2025-68984 | Thembay Puca Plugin up to 2.6.39 on WordPress filename control

A vulnerability described as critical has been identified in Thembay Puca Plugin up to 2.6.39 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is registered as CVE-2025-68984. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More