PHP Local File Inclusion Vulnerability in PenciDesign PenNews Theme
CVE-2025-64223

Currently unrated

Key Information:

Vendor

WordPress
Status
Pennews
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64223?

The PenNews theme by PenciDesign is vulnerable to PHP Local File Inclusion due to improper control over filename handling in include/require statements. This vulnerability allows attackers to access sensitive files on the server, potentially leading to unauthorized data exposure. Affected versions include all PenNews versions prior to 6.7.3. Site administrators are urged to apply updates to mitigate risks related to this vulnerability.

Affected Version(s)

PenNews <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/penne...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64223 : PHP Local File Inclusion Vulnerability in PenciDesign PenNews Theme