Skip to main content

Abelle

1 CVEs product

Monthly

CVE-2025-69142 HIGH This Week

Unauthenticated local file inclusion in the Abelle WordPress theme versions 1.22 and earlier allows remote attackers to coerce the PHP runtime into including attacker-controlled file paths, leading to disclosure of sensitive server files and potential remote code execution if log poisoning or uploaded files can be reached. The flaw is reachable without credentials, but CVSS notes high attack complexity, and no public exploit identified at time of analysis. No EPSS or KEV signal is provided in the source data.

PHP Information Disclosure LFI Abelle
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Abelle WordPress theme versions 1.22 and earlier allows remote attackers to coerce the PHP runtime into including attacker-controlled file paths, leading to disclosure of sensitive server files and potential remote code execution if log poisoning or uploaded files can be reached. The flaw is reachable without credentials, but CVSS notes high attack complexity, and no public exploit identified at time of analysis. No EPSS or KEV signal is provided in the source data.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy