CVE Catalog
CVE-2025-69133
HighCVSS 7.5Summary
The Tourmaster plugin version 5.4.5 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by a subscriber. An authenticated user with the subscriber role can read arbitrary files on the server.
Risk Assessment
An attacker can access sensitive configuration files, passwords, or user data, leading to confidentiality breach and potential privilege escalation.
Recommendation
Immediately update the Tourmaster plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin or restrict access to it.
Original NVD description (English source)
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

