Skip to main content

Gamic

1 CVEs product

Monthly

CVE-2025-69157 HIGH This Week

Local file inclusion in the ThemeRex Gamic WordPress theme versions 1.15 and earlier allows unauthenticated remote attackers to coerce the PHP application into including arbitrary files via crafted parameters. Successful exploitation can expose sensitive configuration data (including wp-config.php) and, depending on server configuration, may escalate to remote code execution through log poisoning or session-file inclusion. No public exploit identified at time of analysis, and the issue has not been listed in CISA KEV.

PHP Information Disclosure LFI Gamic
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Local file inclusion in the ThemeRex Gamic WordPress theme versions 1.15 and earlier allows unauthenticated remote attackers to coerce the PHP application into including arbitrary files via crafted parameters. Successful exploitation can expose sensitive configuration data (including wp-config.php) and, depending on server configuration, may escalate to remote code execution through log poisoning or session-file inclusion. No public exploit identified at time of analysis, and the issue has not been listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy