Nixpkgs security tracker

Permalink CVE-2025-69042

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 3 weeks ago

WordPress Lindo theme <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.

References

https://patchstack.com/database/Wordpress/Theme/lindo/vulnerability/wordpress-l… vdb-entry

Affected products

lindo

=<<= 1.2.5

Matching in nixpkgs

pkgs.libsForQt5.calindori

Calendar for Plasma Mobile

nixos-unstable 23.08.5
- nixpkgs-unstable 23.08.5
- nixos-unstable-small 23.08.5

pkgs.kdePackages.calindori

Calendar for Plasma Mobile

nixos-unstable 25.04.3
- nixpkgs-unstable 25.04.3
- nixos-unstable-small 25.04.3
nixos-25.11 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.calindori

Calendar for Plasma Mobile

nixos-unstable 23.08.5
- nixpkgs-unstable 23.08.5
- nixos-unstable-small 23.08.5

Package maintainers

@mjm Matt Moriarity <matt@mattmoriarity.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@K900 Ilya K. <me@0upti.me>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.calindori

pkgs.kdePackages.calindori

pkgs.plasma5Packages.calindori

Package maintainers