Skip to main content

Roneous

1 CVEs product

Monthly

CVE-2025-69177 HIGH This Week

Unauthenticated local file inclusion in the Roneous WordPress theme (versions up to and including 2.1.5) allows remote attackers to coerce the application into including arbitrary files on the server, potentially exposing sensitive data such as wp-config.php credentials or, when combined with file upload primitives, achieving remote code execution. The flaw is reachable without authentication over the network, and no public exploit identified at time of analysis. The vulnerability is tracked by Patchstack and ENISA EUVD (EUVD-2025-210183).

PHP Information Disclosure LFI Roneous
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Roneous WordPress theme (versions up to and including 2.1.5) allows remote attackers to coerce the application into including arbitrary files on the server, potentially exposing sensitive data such as wp-config.php credentials or, when combined with file upload primitives, achieving remote code execution. The flaw is reachable without authentication over the network, and no public exploit identified at time of analysis. The vulnerability is tracked by Patchstack and ENISA EUVD (EUVD-2025-210183).

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy