Skip to main content

Raider Spirit

1 CVEs product

Monthly

CVE-2025-69109 HIGH This Week

Local File Inclusion in the ThemeREX Raider Spirit WordPress theme versions 1.1.2 and earlier allows unauthenticated remote attackers to include and disclose arbitrary local files via attacker-controlled file paths reaching a PHP include/require sink. The flaw maps to CWE-98 (Improper Control of Filename for Include/Require) and was disclosed through Patchstack with no public exploit identified at time of analysis, though the CVSS 8.1 rating reflects high confidentiality, integrity, and availability impact if the inclusion can be steered to executable PHP content.

PHP Information Disclosure LFI Raider Spirit
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Local File Inclusion in the ThemeREX Raider Spirit WordPress theme versions 1.1.2 and earlier allows unauthenticated remote attackers to include and disclose arbitrary local files via attacker-controlled file paths reaching a PHP include/require sink. The flaw maps to CWE-98 (Improper Control of Filename for Include/Require) and was disclosed through Patchstack with no public exploit identified at time of analysis, though the CVSS 8.1 rating reflects high confidentiality, integrity, and availability impact if the inclusion can be steered to executable PHP content.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy