Local File Inclusion Vulnerability in Snstheme Evon by Snstheme
CVE-2025-28991

8.1HIGH

Key Information:

Vendor: WordPress
Status: Evon
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-28991?

A local file inclusion vulnerability exists in the Snstheme Evon theme, allowing unauthorized access to local files on the server. This issue could be exploited by an attacker to execute arbitrary PHP code or disclose sensitive information through improperly controlled filename parameters in PHP scripts. It is crucial for users of the Evon theme to be aware of this vulnerability and implement necessary security measures to mitigate potential risks.

Affected Version(s)

Evon <= 3.4

References

https://patchstack.com/database/wordpress/theme/snsevon/v...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Mar 11, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-28991?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit