Skip to main content

Granola

1 CVEs product

Monthly

CVE-2025-69158 HIGH This Week

Unauthenticated Local File Inclusion in the ThemeREX Granola WordPress theme through version 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files via attacker-controlled path input. The flaw is reachable over the network without credentials or user interaction and can expose sensitive site files such as wp-config.php, potentially escalating to code execution if log-poisoning or session-file techniques are viable. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI Granola
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in the ThemeREX Granola WordPress theme through version 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files via attacker-controlled path input. The flaw is reachable over the network without credentials or user interaction and can expose sensitive site files such as wp-config.php, potentially escalating to code execution if log-poisoning or session-file techniques are viable. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy