Skip to main content

Ingenioso

1 CVEs product

Monthly

CVE-2025-69117 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Ingenioso WordPress theme through version 1.14.0 allows remote attackers to coerce the PHP application into including arbitrary server-side files, leading to disclosure of sensitive content and potential remote code execution where uploaded or log-poisoned files can be reached. The flaw is classified under CWE-98 (improper control of filename for include/require) and was disclosed via Patchstack with no public exploit identified at time of analysis. CVSS is rated 8.1 (High) with high attack complexity, reflecting that successful exploitation depends on identifying a reachable include path.

PHP Information Disclosure LFI Ingenioso
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Ingenioso WordPress theme through version 1.14.0 allows remote attackers to coerce the PHP application into including arbitrary server-side files, leading to disclosure of sensitive content and potential remote code execution where uploaded or log-poisoned files can be reached. The flaw is classified under CWE-98 (improper control of filename for include/require) and was disclosed via Patchstack with no public exploit identified at time of analysis. CVSS is rated 8.1 (High) with high attack complexity, reflecting that successful exploitation depends on identifying a reachable include path.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy