Remote File Inclusion Vulnerability in ApusTheme ITok by Patchstack
CVE-2025-62014

Currently unrated

Key Information:

Vendor

WordPress
Status
Itok
Vendor
CVE Published:
6 November 2025

What is CVE-2025-62014?

The ApusTheme ITok contains a vulnerability that allows for Remote File Inclusion (RFI) due to improper control of filename parameters in PHP include/require statements. This flaw could enable an attacker to execute malicious code through the inclusion of arbitrary files, potentially compromising the integrity and security of affected systems. Users of ITok versions up to 1.1.42 are advised to update their installations to mitigate this risk.

Affected Version(s)

ITok <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/itok/...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-62014 : Remote File Inclusion Vulnerability in ApusTheme ITok by Patchstack