CVE-2025-58900 | AncoraThemes UniTravel Plugin up to 1.4.2 on WordPress filename control

A vulnerability classified as critical has been found in AncoraThemes UniTravel Plugin up to 1.4.2 on WordPress. This impacts an unknown function. Performing manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2025-58900. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More