Skip to main content

Skyward

1 CVEs product

Monthly

CVE-2025-69164 HIGH This Week

Unauthenticated local file inclusion in ThemeRex Skyward WordPress theme versions 1.10 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server, enabling sensitive file disclosure and potential remote code execution. The flaw is reachable without authentication over the network and no public exploit has been identified at time of analysis, though Patchstack has catalogued the issue in their vulnerability database. CVSS rates the impact as 8.1 (High) reflecting full confidentiality, integrity, and availability compromise despite high attack complexity.

PHP Information Disclosure LFI Skyward
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in ThemeRex Skyward WordPress theme versions 1.10 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server, enabling sensitive file disclosure and potential remote code execution. The flaw is reachable without authentication over the network and no public exploit has been identified at time of analysis, though Patchstack has catalogued the issue in their vulnerability database. CVSS rates the impact as 8.1 (High) reflecting full confidentiality, integrity, and availability compromise despite high attack complexity.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy