Local File Inclusion Vulnerability in ApusTheme Capie Affects WordPress
CVE-2025-31060

8.1HIGH

Key Information:

Vendor: WordPress
Status: Capie
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-31060?

A crucial vulnerability exists in the ApusTheme Capie that allows an attacker to exploit improper control of filename parameters used in include or require statements. This flaw permits the possibility of PHP Local File Inclusion, potentially allowing unauthorized access to local files within the server. The versions affected include Capie up to 1.0.40, posing a significant risk to the security of any WordPress site using this theme. Ensure your website is safe by implementing patches and updates promptly.

Affected Version(s)

Capie <= 1.0.40

References

https://patchstack.com/database/wordpress/theme/capie/vul...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)