Skip to main content

Spike

1 CVEs product

Monthly

CVE-2025-69168 HIGH This Week

Local File Inclusion in the Spike WordPress theme (versions ≤1.2) by ThemeREX allows remote unauthenticated attackers to coerce the PHP backend into including arbitrary local files via crafted filename parameters. Successful exploitation can disclose sensitive server-side files, configuration data, and credentials, and on misconfigured PHP installations may lead to code execution. No public exploit identified at time of analysis, but the issue is reported and tracked by Patchstack (WordPress vulnerability intelligence).

PHP Information Disclosure LFI Spike
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Local File Inclusion in the Spike WordPress theme (versions ≤1.2) by ThemeREX allows remote unauthenticated attackers to coerce the PHP backend into including arbitrary local files via crafted filename parameters. Successful exploitation can disclose sensitive server-side files, configuration data, and credentials, and on misconfigured PHP installations may lead to code execution. No public exploit identified at time of analysis, but the issue is reported and tracked by Patchstack (WordPress vulnerability intelligence).

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy