CVE-2025-14545

Summary

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.

Affected Software

VendorProductVersion RangeStatus
UnknownYML for Yandex Market0 < 5.0.26affected

Weaknesses

  • CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References