Description
The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
Published: 2025-07-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a directory traversal flaw triggered via the layout parameter in the Widget for Google Reviews plugin. An authenticated user with at least Subscriber level can supply a crafted layout value that points to local files on the server. If the referenced file is a PHP script, the plugin will include and execute it, effectively allowing the attacker to run arbitrary PHP code. This bypasses normal access controls and can expose or modify sensitive data.

Affected Systems

All installations of the Widget for Google Reviews plugin for WordPress with version 1.0.15 or earlier. The affected code resides in the techlabpro1 Widget for Google Reviews package and applies to any WordPress site that has the plugin activated.

Risk and Exploitability

The CVSS score of 8.8 signifies high severity for this local file inclusion vulnerability. However, the EPSS score of less than 1% indicates a very low likelihood that the flaw is being exploited in the wild, and it is not listed in CISA's KEV catalog. Exploitation requires an authenticated user with at least Subscriber-level access. An attacker would typically first upload or otherwise place a PHP file in a directory reachable by the plugin and then craft a layout parameter that traverses to that file; once the file is included, arbitrary code execution follows. Because authentication is required, exposure is limited to attackers who already hold an account on the site rather than to unauthenticated mass scanning.

Generated by OpenCVE AI on April 22, 2026 at 01:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Widget for Google Reviews to the latest release that removes the directory traversal vulnerability.
  • If an immediate update is not possible, block the layout query parameter for Subscriber-level users, for example by stripping it from incoming requests or rejecting it via a custom filter or an .htaccess rule.
  • Verify that wp-content/uploads and any other upload directories have PHP execution disabled and restrictive permissions, so that an uploaded file cannot run as PHP even if the plugin is tricked into including it.
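The "custom filter" mitigation above, written out as an added example that is not the plugin's own code: a WordPress must-use plugin that rejects any request whose layout value is not a plain template slug. The `grg_` prefix, the mu-plugins deployment path, the administrator exemption and the slug pattern are assumptions.

```php
<?php
/**
 * Plugin Name: Layout Parameter Guard (mu-plugin)
 * Description: Compensating control for CWE-98 via a "layout" request value.
 * Added example, not the plugin's own code. Assumed deployment path:
 * wp-content/mu-plugins/layout-guard.php (mu-plugins load before normal plugins).
 */

if (!defined('ABSPATH')) {
    exit;
}

/**
 * A legitimate layout name is a bare slug. Anything carrying a path separator,
 * a dot ("..", an extension), a NUL byte or leftover percent-encoding is rejected.
 */
function grg_is_safe_layout_value(string $value): bool
{
    // PHP has already decoded the query string once; decoding a second time
    // catches double-encoded separators such as "%252e%252e%252f".
    $decoded = rawurldecode($value);
    return (bool) preg_match('/\A[a-z0-9_-]{1,64}\z/i', $decoded);
}

/**
 * Reject offending requests on "init", before the vulnerable plugin's
 * request handling runs. Administrators are exempted (assumption: an
 * administrator already holds more privilege than this flaw would grant).
 */
function grg_guard_layout_parameter(): void
{
    if (!isset($_REQUEST['layout']) || current_user_can('manage_options')) {
        return;
    }
    $value = is_string($_REQUEST['layout']) ? $_REQUEST['layout'] : '';
    if (grg_is_safe_layout_value($value)) {
        return;
    }
    // Log for detection: which account sent the rejected value, from where.
    error_log(sprintf(
        'layout guard: rejected layout value from user %d, ip %s',
        get_current_user_id(),
        $_SERVER['REMOTE_ADDR'] ?? '-'
    ));
    wp_die('Invalid layout parameter.', 'Bad Request', ['response' => 400]);
}
add_action('init', 'grg_guard_layout_parameter', 1);
```

Watch the error log after deployment: a burst of rejections from one low-privilege account is the signal a defender wants from this control.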



Advisories
Source: EUVD
ID: EUVD-2025-20390
Title: The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
History

Mon, 14 Jul 2025 13:45:00 +0000

Metrics (epss)
  Values Removed: {'score': 0.00337}
  Values Added: {'score': 0.00342}

Wed, 09 Jul 2025 14:15:00 +0000

First Time appeared
  Values Added: Radiustheme; Radiustheme widget For Google Reviews
CPEs
  Values Added: cpe:2.3:a:radiustheme:widget_for_google_reviews:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Values Added: Radiustheme; Radiustheme widget For Google Reviews

Tue, 08 Jul 2025 16:15:00 +0000

Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 08 Jul 2025 05:30:00 +0000

Description
  Values Added: The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
Title
  Values Added: Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion
Weaknesses
  Values Added: CWE-98
References
Metrics (cvssV3_1)
  Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:49:50.382Z

Reserved: 2025-07-07T16:48:43.437Z

Link: CVE-2025-7327

Vulnrichment

Updated: 2025-07-08T16:07:52.987Z

NVD

Status : Analyzed

Published: 2025-07-08T06:15:24.730

Modified: 2025-07-09T13:50:56.863

Link: CVE-2025-7327

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T01:15:07Z

Weaknesses