Local File Inclusion Vulnerability in Edumall WordPress Theme
CVE-2025-2101

8.1 HIGH

What is CVE-2025-2101?

The Edumall theme for WordPress is vulnerable to Local File Inclusion because the 'template' parameter of the 'edumall_lazy_load_template' AJAX action is improperly handled. An unauthenticated attacker can exploit this issue to include and execute arbitrary PHP files from the server, which can lead to unauthorized code execution, sensitive data exposure, and potential bypassing of access controls. The vulnerability affects all versions of the Edumall theme up to and including 4.2.4; apply the necessary security updates and follow best practices to secure WordPress installations.
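A detection sketch for the request pattern described above, as an added example that is not part of the original advisory or the theme's code: it scans web-server access-log lines for calls to the 'edumall_lazy_load_template' action and flags any 'template' value outside a conservative allowlist. The log lines are constructed, and the shape of a legitimate template name is an assumption; parameters sent in a POST body never reach the access log, so such requests are marked for review rather than cleared.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "edumall_lazy_load_template"  # AJAX action named in the advisory
# Assumption: a legitimate template value is a short relative slug such as
# "course/card". Anything else (dots, encoded bytes, absolute paths, stream
# wrappers) fails the allowlist, including double-encoded input.
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")
# Combined/common log format: client IP first, request line in quotes.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=edumall_lazy_load_template&template=course/card HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=edumall_lazy_load_template&template=..%2F..%2Fexample HTTP/1.1" 200 64',
    '203.0.113.5 - - [01/Jan/2025:10:00:09 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=edumall_lazy_load_template HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 10',
]

def classify(line):
    """Return None for unrelated lines, else (ip, verdict, template)."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes %XX once
    if ACTION not in params.get("action", []):
        return None
    templates = params.get("template", [])
    if not templates:
        return (m["ip"], "review", None)  # value may be in the POST body
    for value in templates:
        if not SAFE_TEMPLATE.fullmatch(value):
            return (m["ip"], "suspicious", value)
    return (m["ip"], "ok", templates[0])

def findings(lines):
    """Every line that touches the action and is not clearly benign."""
    return [r for r in map(classify, lines) if r and r[1] != "ok"]

if __name__ == "__main__":
    for ip, verdict, template in findings(SAMPLE_LOG):
        print(f"{verdict:10} {ip:15} template={template!r}")
```

Requests that carry the action name itself in a POST body do not appear in access logs at all; covering those needs request-body logging at a WAF or reverse proxy.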

Affected Version(s)

EduMall - Professional LMS Education Center WordPress Theme * <= 4.2.4

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tonn