{"id":64173,"date":"2025-08-19T17:57:59","date_gmt":"2025-08-19T17:57:59","guid":{"rendered":""},"modified":"2025-10-03T12:33:05","modified_gmt":"2025-10-03T18:33:05","slug":"cve-2025-6715-critical-local-file-inclusion-vulnerability-in-latepoint-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-6715-critical-local-file-inclusion-vulnerability-in-latepoint-wordpress-plugin\/","title":{"rendered":"CVE-2025-6715: Critical Local File Inclusion Vulnerability in LatePoint WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerability Exposure (CVE) system has recently identified a severe security flaw labeled as CVE-2025-6715. This vulnerability affects WordPress websites utilizing the LatePoint plugin versions before 5.1.94. The severity of this vulnerability lies in the fact that it enables Local File Inclusion (LFI), which could allow attackers to include and execute arbitrary PHP files on the server, ultimately leading to potential system<\/a> compromise or data leakage.
\nGiven that WordPress powers over 40% of all websites globally, the impact of this vulnerability could be quite extensive, potentially affecting thousands of websites and exposing sensitive data<\/a>. This vulnerability underscores the need for robust cybersecurity<\/a> measures and regular software updates to protect against such threats.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-6715
\nSeverity: Critical (9.8 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise<\/a>, potential data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n