Skip to main content

Eventicity

1 CVEs product

Monthly

CVE-2025-69170 HIGH This Week

Local File Inclusion in the ThemeRex Eventicity WordPress theme versions 1.5 and earlier allows remote unauthenticated attackers to include and execute arbitrary local files on the server. The flaw is reported by Patchstack and tagged as PHP information disclosure; no public exploit identified at time of analysis, though the unauthenticated network vector makes this a meaningful priority for affected WordPress sites. Successful exploitation can expose sensitive files such as wp-config.php and may enable code execution depending on what files can be reached.

PHP Information Disclosure LFI Eventicity
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Local File Inclusion in the ThemeRex Eventicity WordPress theme versions 1.5 and earlier allows remote unauthenticated attackers to include and execute arbitrary local files on the server. The flaw is reported by Patchstack and tagged as PHP information disclosure; no public exploit identified at time of analysis, though the unauthenticated network vector makes this a meaningful priority for affected WordPress sites. Successful exploitation can expose sensitive files such as wp-config.php and may enable code execution depending on what files can be reached.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy