{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14867", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-18T02:45:09.366Z", "datePublished": "2026-01-07T06:36:04.362Z", "dateUpdated": "2026-04-08T17:33:15.097Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:33:15.097Z"}, "affected": [{"vendor": "liangshao", "product": "Flashcard Plugin for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fcc6e5-1f90-41e7-8d5a-2bfe8cbf46fa?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/flashcard/tags/0.9/flashcard.php?marks=73,109#L73"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "timeline": [{"time": "2025-12-17T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2026-01-06T18:34:27.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T14:51:14.580283Z", "id": "CVE-2025-14867", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T16:13:36.082Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14867", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T14:51:14.580283Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T14:51:16.747Z"}}], "cna": {"title": "Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal", "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "liangshao", "product": "Flashcard Plugin for WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "0.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-17T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2026-01-06T18:34:27.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fcc6e5-1f90-41e7-8d5a-2bfe8cbf46fa?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/flashcard/tags/0.9/flashcard.php?marks=73,109#L73"}], "descriptions": [{"lang": "en", "value": "The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-07T06:36:04.362Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14867", "state": "PUBLISHED", "dateUpdated": "2026-01-07T16:13:36.082Z", "dateReserved": "2025-12-18T02:45:09.366Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-07T06:36:04.362Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "id": "CVE-2025-14867", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-07T12:16:57.177", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/flashcard/tags/0.9/flashcard.php?marks=73,109#L73"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fcc6e5-1f90-41e7-8d5a-2bfe8cbf46fa?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:17:25.461471+00:00", "value": {"mitigation_remediation": ["Upgrade the Flashcard plugin to a fixed version\u2014if no newer release is available, disable the plugin altogether.", "Restrict contributor and other non\u2011admin roles from using the flashcard shortcode with the source attribute, or audit role permissions to ensure that users without read\u2011file privileges cannot supply this parameter.", "Monitor web\u2011server logs for repeated attempts to use the flashcard shortcode with path traversal patterns and block or alert on suspicious requests."], "summary": {"action": "Patch plugin", "impact": "Information disclosure via arbitrary file read"}, "threat_synthesis": {"affected_systems": "All installations of the Flashcard plugin for WordPress with a version number 0.9 or lower are vulnerable. No specific third\u2011party patches or version numbers that remove the flaw are listed in the available CNA data.", "description_and_impact": "The Flashcard plugin for WordPress is vulnerable to a path traversal flaw that is exploitable through the 'source' attribute of its shortcode. When an authenticated user with contributor or higher privileges supplies a crafted value containing directory traversal sequences, the plugin interprets it as a file path and returns the contents of that file to the browser. This allows the attacker to read any readable file on the server, potentially exposing database credentials, configuration files, or other sensitive information. The weakness is a classic path traversal issue (CWE\u201122).", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.5, indicating a moderate impact. EPSS is reported to be less than 1%, implying a low probability of exploitation in the wild. It is not listed in CISA\u2019s KEV catalog. The likely attack vector requires authentication; an attacker must be granted at least contributor access to the site and then can inject a malicious value into the shortcode. Once exploited, the attacker can read arbitrary files, which may compromise confidentiality and potentially integrity if the attacker can modify the view or metrics derived from those files."}}}}, "created": "2026-01-08T09:49:21.717317+00:00", "updated": "2026-04-20T21:30:18.563762+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}