CVE-2025-14502: Critical LFI Vulnerability in the WordPress News and Blog Designer Bundle Plugin
⚠️ CVE References:
CVE-2025-14502
Summary
A critical Local File Inclusion vulnerability in the WordPress News and Blog Designer Bundle plugin allows unauthenticated attackers to execute arbitrary PHP files on the server. This can lead to malware infections and data loss. Admins should update the plugin immediately to protect their systems from this security risk.
WordPress - News And Blog Designer Bundle - CRITICAL - CVE-2025-14502.
The News and Blog Designer Bundle plugin for WordPress presents a serious Local File Inclusion vulnerability, impacting all versions up to and including 1.1. By exploiting the template parameter, unauthenticated attackers can include and execute arbitrary .php files from the server. This vulnerability not only facilitates the execution of malicious code but also enables attackers to bypass access controls and potentially access sensitive data stored on the server. If PHP file types can be uploaded and included, the implications for security can be severe, reinforcing the need for prompt updates and vigilant management of plugin security.
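A defensive pattern for the class of bug described above, as an added example that is not the plugin's code or its fix: the requested template name is checked against an allowlist, and the resolved path is confirmed to stay inside the template directory before it is included. The function name, template names and directory are hypothetical.

```php
<?php
// Added illustration, NOT the plugin's code. The function name, template
// names and directory below are hypothetical.

// Generic LFI pattern, shown for contrast only (not taken from the plugin):
//   include $base_dir . '/' . $_REQUEST['template'] . '.php';

/**
 * Resolve a user-supplied template name to a file inside $base_dir.
 * Returns the canonical path, or null if the name is not acceptable.
 */
function resolve_template(string $requested, string $base_dir, array $allowed): ?string
{
    // 1. Allowlist: accept only template names the plugin itself ships.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm containment, so a
    //    symlink or an overly broad allowlist entry cannot escape the directory.
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // template directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved path lies outside the template directory
    }
    return $path;
}

// Usage with constructed values.
$allowed  = ['grid', 'list', 'slider'];   // hypothetical template names
$base_dir = __DIR__ . '/templates';       // hypothetical template directory
$template = isset($_REQUEST['template']) && is_string($_REQUEST['template'])
    ? $_REQUEST['template']
    : 'grid';

// Fall back to a fixed default instead of including anything request-derived.
$file = resolve_template($template, $base_dir, $allowed)
    ?? resolve_template('grid', $base_dir, $allowed);

if ($file !== null) {
    include $file;
}
```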
Source: securityvulnerability.io