Skip to main content

Tipsy

1 CVEs product

Monthly

CVE-2025-69173 HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Tipsy WordPress theme versions 1.1 and earlier allows remote attackers to coerce the PHP interpreter into including arbitrary files via attacker-controlled path parameters. Successful exploitation can disclose sensitive server-side files, leak configuration secrets such as wp-config.php database credentials, and - depending on environment - escalate to code execution by including log files, session files, or other writable artifacts. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Information Disclosure LFI Tipsy
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the ThemeREX Tipsy WordPress theme versions 1.1 and earlier allows remote attackers to coerce the PHP interpreter into including arbitrary files via attacker-controlled path parameters. Successful exploitation can disclose sensitive server-side files, leak configuration secrets such as wp-config.php database credentials, and - depending on environment - escalate to code execution by including log files, session files, or other writable artifacts. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy