CVE-2025-69411
WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability
Vexday Risk Score
36Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7.5EPSS 1.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
05 Mar 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Robert Seyfriedsberger · ionCube tester plusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →