{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T09:18:57.897","vulnerabilities":[{"cve":{"id":"CVE-2025-30890","sourceIdentifier":"audit@patchstack.com","published":"2025-03-27T11:15:49.920","lastModified":"2026-06-17T09:09:31.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member login-widget-for-ultimate-member allows PHP Local File Inclusion.This issue affects Login Widget for Ultimate Member: from n/a through <= 1.1.2."},{"lang":"es","value":"La vulnerabilidad de control incorrecto del nombre de archivo para la instrucción Include/Require en un programa PHP ('Inclusión remota de archivos en PHP') en SuitePlugins Login Widget for Ultimate Member permite la inclusión local de archivos en PHP. Este problema afecta al widget de inicio de sesión de Ultimate Member desde n/d hasta la versión 1.1.2."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SuitePlugins","product":"Login Widget for Ultimate Member","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"login-widget-for-ultimate-member","versions":[{"version":"0","lessThanOrEqual":"1.1.2","versionType":"custom","status":"affected","changes":[{"at":"1.1.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T16:08:52.991918Z","id":"CVE-2025-30890","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/login-widget-for-ultimate-member/vulnerability/wordpress-login-widget-for-ultimate-member-plugin-1-1-2-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}