CVE-2025-4419

Published
CVSS v3: 4.3 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.
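The description points at the classic missing step in a file-serving handler: the extension allow-list is applied, but the resolved path is never checked for containment inside the intended images directory. The following PHP is an added defensive example, not code from the Hot Random Image plugin; the function name, the base directory and the extension list are assumptions, and it shows the containment check (canonicalise with realpath, then require the base-directory prefix) alongside the extension check.

```php
<?php
// Added example, not the plugin's code: validate a user-supplied 'path'
// parameter so that it can only name an image with an allowed extension
// that lives inside the configured images directory.

const ALLOWED_IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp']; // assumed list

/**
 * Resolve $userPath relative to $baseDir. Returns the canonical absolute path
 * only if it is still inside $baseDir and has an allowed extension; otherwise null.
 */
function resolve_image_path(string $baseDir, string $userPath): ?string
{
    // Canonicalise the base directory first; realpath() returns false if it does not exist.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Reject NUL bytes, which can truncate the path in underlying C library calls.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }

    // realpath() resolves "..", "./" and symlinks, and returns false for a
    // file that does not exist, which is fine: there is nothing to serve.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;
    }

    // Containment check: the canonical path must start with "<base>/".
    // Including the separator stops "/srv/images2" from passing a check
    // that was meant for "/srv/images".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Extension allow-list, case-insensitive, checked on the canonical name
    // rather than on the raw parameter.
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_IMAGE_EXTENSIONS, true)) {
        return null;
    }

    return $candidate;
}

// Hypothetical call site: 'path' comes from the request and is untrusted.
// $img = resolve_image_path(WP_CONTENT_DIR . '/uploads/random-images', $_GET['path'] ?? '');
// if ($img === null) { wp_die('Invalid image path'); }
```

A request such as `path=../../wp-config.php` resolves to a location outside the base directory and is rejected by the prefix comparison before the extension is even considered.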

Hot Random Image by Hot Themes (https://www.hotjoomlatemplates.com/) is a basic plugin that shows a randomly picked image from a selected folder where images are stored. You can define a folder and the plugin will show all the images from this folder in a random order. Also, it's possible to select only certain images from the folder that will be added in rotation. Each image can be linked. Alt text is optional. Image dimensions (width and height) can be defined in any format (pixels, percents, auto-mode…). Therefore, this plugin is appropriate for all responsive websites.

Source: WordPress Plugin Directory