Vulnerability Details CVE-2025-26909
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-26909
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:-
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.0.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.1.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.26
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.27
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.28
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.29
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.02
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.03
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.02
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.03
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.04
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.00
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.3.02