Description

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.

PUBLISHED Reserved 2025-12-11 | Published 2026-04-10 | Updated 2026-04-10 | Assigner WPScan

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected

Any version before 5.0.26: affected

Credits

Alex Tselevich (nos3curity), finder

WPScan, coordinator

References

wpscan.com/...rability/9bb1a4ca-976c-461d-82de-8a3b04a56fbc/ exploit vdb-entry technical-description

cve.org (CVE-2025-14545)

nvd.nist.gov (CVE-2025-14545)