Skip to main content

Kelly Young

1 CVEs product

Monthly

CVE-2025-69141 HIGH This Week

Unauthenticated Local File Inclusion in the Kelly Young WordPress theme (versions ≤1.1.0) allows remote attackers to read arbitrary local files and potentially achieve code execution by including attacker-controlled file paths via a vulnerable PHP include sink. The flaw is reachable without authentication over the network, and no public exploit identified at time of analysis. Risk is elevated by the high CVSS impact triad (C:H/I:H/A:H), though AC:H indicates non-trivial exploitation prerequisites.

PHP Information Disclosure LFI Kelly Young
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in the Kelly Young WordPress theme (versions ≤1.1.0) allows remote attackers to read arbitrary local files and potentially achieve code execution by including attacker-controlled file paths via a vulnerable PHP include sink. The flaw is reachable without authentication over the network, and no public exploit identified at time of analysis. Risk is elevated by the high CVSS impact triad (C:H/I:H/A:H), though AC:H indicates non-trivial exploitation prerequisites.

PHP Information Disclosure LFI +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy