Skip to main content

Putter

1 CVEs product

Monthly

CVE-2025-69147 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Putter WordPress theme versions 1.17 and earlier allows remote attackers to read arbitrary files from the underlying web server and, in PHP environments where include wrappers are abused, potentially achieve code execution. The flaw is reachable without authentication or user interaction, though CVSS reports high attack complexity. No public exploit identified at time of analysis, but Patchstack has published the advisory.

PHP Information Disclosure LFI Putter
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Putter WordPress theme versions 1.17 and earlier allows remote attackers to read arbitrary files from the underlying web server and, in PHP environments where include wrappers are abused, potentially achieve code execution. The flaw is reachable without authentication or user interaction, though CVSS reports high attack complexity. No public exploit identified at time of analysis, but Patchstack has published the advisory.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy