Skip to main content

Dazzle

1 CVEs product

Monthly

CVE-2025-69120 HIGH This Week

Unauthenticated Local File Inclusion affects the Dazzle WordPress theme (by ThemeRex) in versions up to and including 1.0.0, allowing remote attackers to read or potentially include arbitrary local files on the server. The flaw stems from improper control of filename parameters used in PHP include/require statements (CWE-98), and no public exploit has been identified at time of analysis. With a CVSS 8.1 reflecting high attack complexity but no authentication, the vulnerability is reachable by anonymous attackers but requires specific conditions to weaponize fully.

PHP Information Disclosure LFI Dazzle
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion affects the Dazzle WordPress theme (by ThemeRex) in versions up to and including 1.0.0, allowing remote attackers to read or potentially include arbitrary local files on the server. The flaw stems from improper control of filename parameters used in PHP include/require statements (CWE-98), and no public exploit has been identified at time of analysis. With a CVSS 8.1 reflecting high attack complexity but no authentication, the vulnerability is reachable by anonymous attackers but requires specific conditions to weaponize fully.

PHP Information Disclosure LFI +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy