{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13070", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-11-12T14:25:22.022Z", "datePublished": "2025-12-09T06:00:08.117Z", "dateUpdated": "2026-04-02T12:39:53.722Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:53.722Z"}, "title": "CSV to SortTable <= 4.2 - Contributor+ LFI", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "CSV to SortTable", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "4.2"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/deb52d69-d7f8-43a5-a709-1f543fd343c6/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Ivan Cese", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-11T16:54:38.871308Z", "id": "CVE-2025-13070", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T20:08:09.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13070", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-11T16:54:38.871308Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T16:55:14.186Z"}}], "cna": {"title": "CSV to SortTable <= 4.2 - Contributor+ LFI", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Ivan Cese"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "CSV to SortTable", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.2"}], "defaultStatus": "unknown"}], "references": [{"url": "https://wpscan.com/vulnerability/deb52d69-d7f8-43a5-a709-1f543fd343c6/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:53.722Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13070", "state": "PUBLISHED", "dateUpdated": "2026-04-02T12:39:53.722Z", "dateReserved": "2025-11-12T14:25:22.022Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-12-09T06:00:08.117Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks."}], "id": "CVE-2025-13070", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-09T16:17:35.093", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/deb52d69-d7f8-43a5-a709-1f543fd343c6/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:42:38.020547+00:00", "value": {"mitigation_remediation": ["Update the CSV to SortTable plugin to the latest version where the LFI issue has been fixed.", "If an upgrade is not immediately possible, deactivate or uninstall the plugin until a patched version is available.", "Limit contributor roles to the minimum capabilities required for their tasks\u2014ideally revoke the ability to edit pages or posts that might invoke the vulnerable shortcode; alternatively, reconfigure the site so that contributor users cannot add or edit content containing the shortcode."], "summary": {"action": "Apply Patch", "impact": "Local File Inclusion"}, "threat_synthesis": {"affected_systems": "The issue affects installations of the CSV to SortTable plugin dated 4.2 or earlier. Any WordPress site that has authenticated contributors or higher roles and has the plugin active is vulnerable. The vendor is listed as Unknown, but the plugin is a common WordPress extension used by public and private sites.", "description_and_impact": "The WordPress plugin CSV to SortTable up to version 4.2 fails to validate certain shortcode attributes that are used to build file paths for PHP include functions. This deficiency permits any authenticated user with contributor-level permissions to supply malicious attribute values, resulting in a local file inclusion (LFI) vulnerability. By including unintended files from the server, the attacker can read sensitive configuration files, user data, or other locally stored resources, potentially exposing confidential information. If the included file contains executable code, there may also be a risk of code execution or privilege escalation within the WordPress environment.", "risk_and_exploitability": "The CVSS score of 6.6 indicates a medium to high impact severity. The EPSS score of less than 1% shows that, while the vulnerability exists, the likelihood of exploitation in the wild is very low at present, and it is not listed in CISA\u2019s KEV catalog. Exploitation requires authenticated access; therefore, attackers must either compromise a contributor account or maintain access through social engineering. Once authenticated, the short\u2011code manipulation can be carried out without further privileges, making the attack straightforward for an attacker who already has contributor access."}}}}, "created": "2025-12-10T17:52:31.079346+00:00", "updated": "2026-04-27T22:45:15.489572+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}