CVE-2025-6389

Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback

CVSS 9.8 CRITICALEPSS 43.4%CWE-94

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 43.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

25 Nov 2025Published on NVD

26 Nov 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Sneeit · Sneeit Framework

public PoCs found — 3

githubgithub.com/itsismarcos/SneeitScanner-CVE-2025-6389★ 1 githubgithub.com/AivarSaar/blackash-cve-2025-6389★ 0 githubgithub.com/Nxploited/CVE-2025-6389★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://themeforest.net/item/flat-news-responsive-magazine-wordpress-theme/6000513#item-description__release-notes https://www.wordfence.com/threat-intel/vulnerabilities/id/b5ed8a39-50b0-4acf-9054-ba389c49f345?source=cve