{"id":87052,"date":"2026-06-06T00:21:38","date_gmt":"2026-06-06T00:21:38","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-60150-php-remote-file-inclusion-vulnerability-in-subscribe-to-download-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-60150-php-remote-file-inclusion-vulnerability-in-subscribe-to-download-wordpress-plugin\/","title":{"rendered":"CVE-2025-60150: PHP Remote File Inclusion Vulnerability in Subscribe to Download WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

This report highlights the critical security vulnerability, CVE-2025-60150, which impacts the Subscribe to Download plugin on the WordPress platform. This PHP Remote File Inclusion vulnerability can lead to significant breaches, potentially compromising entire systems and leading to severe data leakage. It is crucial to address this issue due to the high-risk score and broad user base of the affected plugin.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-60150
\nSeverity: High (7.5 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n