Local File Inclusion Vulnerability in WPCafe by Themewinter
CVE-2025-39452

7.5HIGH

Key Information:

Vendor: WordPress
Status: WPcafe
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-39452?

A vulnerability in the WPCafe plugin by Themewinter allows attackers to manipulate include/require statements through improper control of filenames. This leads to potential PHP Local File Inclusion, enabling unauthorized access to sensitive files on the server. This issue affects versions of WPCafe from n/a up to 2.2.32, posing a significant risk to WordPress installations that utilize this plugin.

Affected Version(s)

WPCafe 0 <= 2.2.32

References

https://patchstack.com/database/Wordpress/Plugin/wp-cafe/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

theviper17 (Patchstack Alliance)

CVE-2025-39452 Data

JSON