CVE-2025-69411
Published 2026-03-05
Priority P2 60 · high · 7.5 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 1.61% (72.9th percentile)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal. This issue affects ionCube tester plus: from n/a through <= 1.3.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| robert_seyfriedsberger | ioncube_tester_plus | <= 1.3 | — |
Detection & IOCs
URL: `{{BaseURL}}/wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=../../../../../../../../etc/passwd`
- Detect unauthenticated GET requests to loader-wizard.php with the 'ininame' parameter containing path traversal sequences (e.g., '../') targeting sensitive files such as /etc/passwd or wp-config.php.
- Look for HTTP responses with Content-Type 'text/plain' and body matching the pattern 'root:.*:0:0:' when requests are made to loader-wizard.php with traversal payloads; this confirms successful exploitation.
- Flag requests to loader-wizard.php that include query parameters page=phpconfig, download=1, and ininame values with directory traversal sequences as indicators of active exploitation attempts.
- The vulnerability is unauthenticated: no session, cookie, or authentication token is required to exploit it, meaning any anonymous HTTP request can trigger the path traversal.
- The exploit requires the ioncube-tester-plus WordPress plugin to be installed and at version <= 1.3; version detection via readme.txt (Stable tag field) can confirm exposure before attempting exploitation.
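
The request-side detection points above, combined into one access-log check. This is an added example, not part of the original advisory or the plugin's code; it assumes combined-log-format lines, and the function names and sample log lines are constructed for illustration. It goes slightly beyond the listed indicator by also normalising percent-encoded and double-encoded traversal sequences.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined-log-format request field, followed by the response status code.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
SCRIPT = "/ioncube-tester-plus/loader-wizard.php"

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None, 'attempt' or 'likely-success' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not fully_decode(url.path).lower().endswith(SCRIPT):
        return None
    # Match on ininame alone; page=phpconfig and download=1 from the page's
    # indicator are not required, which keeps the check conservative.
    params = parse_qs(url.query, keep_blank_values=True)
    ininame = [fully_decode(v) for v in params.get("ininame", [])]
    if not any(TRAVERSAL_RE.search(v) for v in ininame):
        return None
    # A 200 on a traversal request calls for response-body review (the
    # 'root:.*:0:0:' check); the access log alone cannot confirm a file read.
    return "likely-success" if m.group("status") == "200" else "attempt"

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Mar/2026:10:01:02 +0000] "GET /wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.5.0"',
    '203.0.113.7 - - [05/Mar/2026:10:01:05 +0000] "GET /wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '198.51.100.4 - - [05/Mar/2026:10:02:11 +0000] "GET /wp-content/plugins/ioncube-tester-plus/loader-wizard.php?page=phpconfig&download=1&ininame=php.ini HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Mar/2026:10:03:40 +0000] "GET /index.php?ininame=../x HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Classify every line; the result list is index-aligned with the input."""
    return [classify(line) for line in lines]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```
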
No detection rules found.
Nuclei
CVE-2025-69411 [HIGH] ionCube Tester Plus <= 1.3 - Local File Inclusion (nuclei, CVSS 7.5)
The ionCube Tester Plus plugin for WordPress versions <= 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without authentication.
Template:
```yaml
id: CVE-2025-69411

info:
  name: ionCube Tester Plus <= 1.3 - Local File Inclusion
  author: pussycat0x
  severity: high
  description: |
    The ionCube Tester Plus plugin for WordPress versions <= 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without
```