Skip to main content

Snowy

1 CVEs product

Monthly

CVE-2025-69161 HIGH This Week

Unauthenticated local file inclusion in the Snowy WordPress theme (ThemeREX) versions up to and including 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files from the server filesystem. The flaw is tracked as CWE-98 (Improper Control of Filename for Include/Require), reported by Patchstack, and carries a CVSS 3.1 score of 8.1 (High) reflecting high-complexity but unauthenticated network exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI Snowy
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Snowy WordPress theme (ThemeREX) versions up to and including 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files from the server filesystem. The flaw is tracked as CWE-98 (Improper Control of Filename for Include/Require), reported by Patchstack, and carries a CVSS 3.1 score of 8.1 (High) reflecting high-complexity but unauthenticated network exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy