PHP Remote File Inclusion Vulnerability in ThemeMove Unicamp by ThemeMove
CVE-2025-54701

8.1HIGH

Key Information:

Vendor: WordPress
Status: Unicamp
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-54701?

The ThemeMove Unicamp is susceptible to a PHP Remote File Inclusion vulnerability, which allows attackers to execute arbitrary files on the server. This security flaw is triggered by improper control of filename inputs in include or require statements, potentially leading to local file inclusion. With versions from n/a to 2.6.3 affected, this escalation could expose sensitive data and compromise site integrity. It is essential for users to update to a secure version to mitigate risks associated with this vulnerability.

Affected Version(s)

Unicamp <= 2.6.3

References

https://patchstack.com/database/wordpress/theme/unicamp/v...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jul 28, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-54701?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit