PHP Remote File Inclusion Vulnerability in ThemeMove EduMall
CVE-2025-68061

Currently unrated

Key Information:

Vendor

WordPress
Status
Edumall
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68061?

The ThemeMove EduMall theme is affected by a PHP Remote File Inclusion vulnerability due to improper control of filenames in include or require statements. This flaw allows for local file inclusion, enabling unauthorized access to sensitive information and potential manipulation of server-side scripts. Users of EduMall versions up to 4.4.7 should apply the necessary updates to mitigate risk and secure their installations.

Affected Version(s)

EduMall <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/eduma...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68061 : PHP Remote File Inclusion Vulnerability in ThemeMove EduMall