CVE-2025-14545
YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed GenerationThe YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.
We have discovered 801 live websites that are affected by CVE-2025-14545.
Affected Software
| Product |  Yml For Yandex Market |
| Category | Wordpress Plugins |
| Vulnerable Domains | 801 live websites (79% of Yml For Yandex Market install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 23 versions ( 96% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - Apr 10, 2026
- Updated - Apr 10, 2026
Credits
- Alex Tselevich (nos3curity) (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14545 United States | 1 websites |
 Russia | 751 websites |
 Belarus | 26 websites |
 Ukraine | 10 websites |
 Kazakhstan | 7 websites |
 Uzbekistan | 2 websites |
 Austria | 1 websites |
 Germany | 1 websites |
 GB | 1 websites |
 South Africa | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14545| .ru | 629 websites |
| .com | 40 websites |
| .net | 2 websites |
| .org | 2 websites |
| .at | 1 websites |
| .co | 1 websites |
| .info | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14545
Top websites that are affected by CVE-2025-14545. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.ru | Russia | *,***,*** | |
| ********.ru | Russia | *,***,*** | |
| ******.ru | Russia | *,***,*** | |
| *******.mobi | Russia | *,***,*** | |
| *******.ru | Russia | *,***,*** | |
| ********.ru | Russia | *,***,*** | |
| ****.ru | Russia | *,***,*** | |
| *********.ru | Russia | *,***,*** | |
| ***********.ru | Russia | *,***,*** | |
| ***********.ru | Russia | *,***,*** |
FAQ
CVE-2025-14545 is Improper Control of Generation of Code ('Code Injection') in Yml For Yandex Market
A total of 801 websites have been identified as vulnerable to CVE-2025-14545, based on global website indexing conducted by WebTechSurvey.
The Yml For Yandex Market is affected by the CVE-2025-14545 vulnerability.
Yml For Yandex Market versions up to 5.0.26 are vulnerable to CVE-2025-14545.
CVE-2025-14545 is resolved in version 5.0.26 of Yml For Yandex Market.