Primary

Context

Inpersttion For Theme WordPress Plugin Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Inpersttion For Theme WordPress plugin, affecting all versions through 1.0. The issue arises in the theme_section_shortcode() function, where the plugin fails to restrict callable functions. This flaw allows authenticated attackers with Contributor-level access or higher to execute arbitrary functions on the server, limited to those functions without user-supplied parameters.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected WordPress site is hosted.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Aug 15, 2025, 9:30 AM

Updated: Aug 15, 2025, 9:30 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.9

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.9

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Inpersttion For Theme WordPress Plugin Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating