Skip to main content

Luxmed Medicine Healthcare Doctor Wordpress Theme

1 CVEs product

Monthly

CVE-2025-69115 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX LuxMed Medicine & Healthcare Doctor WordPress theme versions 1.2.2 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server. The flaw is CWE-98 (improper control of filename for include/require) and carries CVSS 8.1 (high), though attack complexity is high; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP WordPress Information Disclosure LFI Luxmed Medicine Healthcare Doctor Wordpress Theme
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the ThemeREX LuxMed Medicine & Healthcare Doctor WordPress theme versions 1.2.2 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server. The flaw is CWE-98 (improper control of filename for include/require) and carries CVSS 8.1 (high), though attack complexity is high; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP WordPress Information Disclosure +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy