Local File Inclusion Vulnerability in BodyCenter - Gym, Fitness WooCommerce Theme from SNSTheme
CVE-2023-25999

8.1HIGH

Key Information:

Vendor: WordPress
Status: Bodycenter - Gym, Fitness WooCommerce WordPress Theme
Vendor: CVE Published:; 9 June 2025

What is CVE-2023-25999?

An improper control vulnerability in the BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows for local file inclusion, which can expose sensitive files on the server. This weakness enables attackers to manipulate the file inclusion process, potentially leading to the execution of arbitrary PHP code. Users of this theme, particularly versions n/a through 2.4, should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4

References

https://patchstack.com/database/wordpress/theme/bodycente...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Feb 17, 2023

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)