Skip to main content

Wanium

1 CVEs product

Monthly

CVE-2025-69136 HIGH This Week

Local File Inclusion in the Wanium WordPress theme (versions up to and including 1.9.8) allows remote unauthenticated attackers to coerce the application into including arbitrary local PHP files, leading to source disclosure and potential remote code execution on the server. The flaw was disclosed via Patchstack and tracked as EUVD-2025-210204; no public exploit identified at time of analysis, and the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N) indicates network-reachable exploitation that nevertheless requires some non-trivial conditions to succeed.

PHP Information Disclosure LFI Wanium
NVD
CVSS 3.1
8.1
EPSS
0.5%
EPSS 0% CVSS 8.1
HIGH This Week

Local File Inclusion in the Wanium WordPress theme (versions up to and including 1.9.8) allows remote unauthenticated attackers to coerce the application into including arbitrary local PHP files, leading to source disclosure and potential remote code execution on the server. The flaw was disclosed via Patchstack and tracked as EUVD-2025-210204; no public exploit identified at time of analysis, and the CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N) indicates network-reachable exploitation that nevertheless requires some non-trivial conditions to succeed.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy