CVE-2025-10406 — The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, s — CVE Database · The Intelligence Room