CVE-2025-58937 | axiomthemes Tacticool Plugin up to 1.0.13 on WordPress filename control

A vulnerability was found in axiomthemes Tacticool Plugin up to 1.0.13 on WordPress. It has been classified as critical. The impacted element is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is listed as CVE-2025-58937. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More