CVE-2025-49935 | xtemos WoodMart Plugin up to 8.3.2 on WordPress filename control

A vulnerability categorized as critical has been discovered in xtemos WoodMart Plugin up to 8.3.2 on WordPress. This vulnerability affects unknown code. The manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is reported as CVE-2025-49935. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More