Skip to main content

Dom

1 CVEs product

Monthly

CVE-2025-69146 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX 'Dom' WordPress theme through version 1.24 allows remote attackers to coerce the PHP application into including arbitrary local files, leading to sensitive information disclosure and potential code execution. No public exploit identified at time of analysis, but the CVSS 8.1 rating reflects high impact across confidentiality, integrity, and availability if a vulnerable include path is reached. The flaw is tracked by Patchstack and ENISA (EUVD-2025-210210) and affects all Dom theme versions up to and including 1.24.

PHP Information Disclosure LFI Dom
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the ThemeREX 'Dom' WordPress theme through version 1.24 allows remote attackers to coerce the PHP application into including arbitrary local files, leading to sensitive information disclosure and potential code execution. No public exploit identified at time of analysis, but the CVSS 8.1 rating reflects high impact across confidentiality, integrity, and availability if a vulnerable include path is reached. The flaw is tracked by Patchstack and ENISA (EUVD-2025-210210) and affects all Dom theme versions up to and including 1.24.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy