Local File Inclusion Vulnerability in CocoBasic Neresa Theme by WordPress
CVE-2025-49383

8.1HIGH

Key Information:

Vendor: WordPress
Status: Neresa
Vendor: CVE Published:; 28 August 2025

What is CVE-2025-49383?

The CocoBasic Neresa theme for WordPress has a vulnerability that arises from improper control over file names in PHP include/require statements. This flaw allows for local file inclusion, permitting an attacker to execute unauthorized files on the server. Specifically, it affects versions of the Neresa theme prior to 1.3, posing significant risks to sites utilizing this theme. It’s crucial for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Neresa <= 1.3

References

https://patchstack.com/database/wordpress/theme/neresa-wp...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)