PHP Remote File Inclusion Vulnerability in LiquidThemes Hub Core
CVE-2025-68065

Currently unrated

Key Information:

Vendor

WordPress
Status
Hub Core
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68065?

A vulnerability in LiquidThemes Hub Core allows for improper control of filenames used for include or require statements. This PHP Remote File Inclusion issue can lead to local file inclusion, posing significant risks to users running affected versions of the Hub Core plugin. The flaw exists in the software versions up to 5.0.8, enabling malicious actors to potentially execute unauthorized commands. Website administrators are advised to review their installations and apply updates to mitigate exposure.

Affected Version(s)

Hub Core <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/hub-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68065 : PHP Remote File Inclusion Vulnerability in LiquidThemes Hub Core