Skip to main content

Neuronet

1 CVEs product

Monthly

CVE-2025-58952 HIGH PATCH This Week

Unauthenticated local file inclusion in the ThemeREX Neuronet WordPress theme before version 1.14.0 allows remote attackers to coerce the PHP runtime into including arbitrary files via untrusted input reaching an include/require statement. The flaw is reachable without authentication or user interaction, but CVSS marks attack complexity as High, suggesting non-trivial preconditions for full exploitation. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

PHP Information Disclosure LFI Neuronet
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Unauthenticated local file inclusion in the ThemeREX Neuronet WordPress theme before version 1.14.0 allows remote attackers to coerce the PHP runtime into including arbitrary files via untrusted input reaching an include/require statement. The flaw is reachable without authentication or user interaction, but CVSS marks attack complexity as High, suggesting non-trivial preconditions for full exploitation. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy