Local File Inclusion Vulnerability in Traveler Theme by ShineTheme
CVE-2025-64373

Currently unrated

Key Information:

Vendor

WordPress
Status
Traveler
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64373?

The Traveler theme by ShineTheme is susceptible to a Local File Inclusion vulnerability, allowing attackers to exploit improper control over filenames in PHP's include/require statements. This flaw can lead to the execution of arbitrary code due to the inclusion of local files, posing a significant risk to website security. The issue affects all versions of the Traveler theme prior to version 3.2.6.

Affected Version(s)

Traveler <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/trave...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64373 : Local File Inclusion Vulnerability in Traveler Theme by ShineTheme