The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template paramete…
Published:
13 January 2026 at 23:00:00
Alert date:
14 January 2026 at 17:02:19
Source:
nvd.nist.gov
Web Technologies
The News and Blog Designer Bundle plugin for WordPress contains a Local File Inclusion vulnerability in versions up to 1.1. The vulnerability exists in the template parameter and allows unauthenticated attackers to include and execute arbitrary PHP files on the server. This can lead to code execution, bypassing access controls, and obtaining sensitive data. The vulnerability affects all versions up to and including 1.1 of the plugin.
Technical details
Mitigation steps:
Affected products:
News and Blog Designer Bundle WordPress plugin
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-14502
https://plugins.trac.wordpress.org/browser/news-and-blog-designer-bundle/trunk/includes/class-nbdb-ajax.php#L31
https://www.wordfence.com/threat-intel/vulnerabilities/id/e02683dc-0771-4bd5-bba3-2b5423da1c80?source=cve
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.