Skip to main content

Medeus

1 CVEs product

Monthly

CVE-2025-69150 HIGH This Week

Unauthenticated local file inclusion in the Medeus WordPress theme versions 1.14 and earlier allows remote attackers to coerce the PHP backend into including arbitrary files, exposing sensitive configuration data such as wp-config.php and potentially enabling code execution if log poisoning or uploaded content can be referenced. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require), affects a ThemeREX product tracked by Patchstack as a WordPress theme issue, and no public exploit identified at time of analysis. Despite the CVSS 8.1 high rating, AC:H signals non-trivial exploitation requirements beyond a simple parameter swap.

PHP Information Disclosure LFI Medeus
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Medeus WordPress theme versions 1.14 and earlier allows remote attackers to coerce the PHP backend into including arbitrary files, exposing sensitive configuration data such as wp-config.php and potentially enabling code execution if log poisoning or uploaded content can be referenced. The vulnerability is classified under CWE-98 (Improper Control of Filename for Include/Require), affects a ThemeREX product tracked by Patchstack as a WordPress theme issue, and no public exploit identified at time of analysis. Despite the CVSS 8.1 high rating, AC:H signals non-trivial exploitation requirements beyond a simple parameter swap.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy