Local File Inclusion Vulnerability in Neo Ocular Theme by Elated Themes
CVE-2025-67920

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 8 January 2026

What is CVE-2025-67920?

The Neo Ocular theme by Elated Themes is susceptible to a local file inclusion vulnerability because it does not properly control the filename used in PHP include/require statements. An attacker can make the theme include arbitrary files from the server, potentially leading to unauthorized access or exposure of sensitive data. The issue affects versions of Neo Ocular prior to 1.2, so timely updating and patching is needed to mitigate the risk.

Affected Version(s)

Neo Ocular <= n/a

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program