Skip to main content

Food Drop

1 CVEs product

Monthly

CVE-2025-69125 HIGH This Week

Unauthenticated local file inclusion in the Food Drop WordPress theme versions 1.3 and earlier allows remote attackers to read arbitrary server files or potentially achieve PHP code execution by abusing an improperly controlled include/require path (CWE-98). The flaw was disclosed by Patchstack and tracked as EUVD-2025-210202; no public exploit code or active exploitation has been identified at time of analysis, but the network-reachable, no-auth attack surface makes it a meaningful risk for any site running this theme.

PHP Information Disclosure LFI Food Drop
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Food Drop WordPress theme versions 1.3 and earlier allows remote attackers to read arbitrary server files or potentially achieve PHP code execution by abusing an improperly controlled include/require path (CWE-98). The flaw was disclosed by Patchstack and tracked as EUVD-2025-210202; no public exploit code or active exploitation has been identified at time of analysis, but the network-reachable, no-auth attack surface makes it a meaningful risk for any site running this theme.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy