PHP Remote File Inclusion Vulnerability in Select-Themes Stockholm Core Plugin
CVE-2025-68067

Currently unrated

Key Information:

Vendor

WordPress
Status
Stockholm Core
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68067?

The Select-Themes Stockholm Core Plugin contains a vulnerability that allows for PHP Local File Inclusion due to improper control of filenames in Include/Require statements. This can lead to unauthorized access to sensitive files and potential server compromise. Affected versions up to 2.4.6 are prone to exploitation, making it crucial for users to ensure they are using an updated version to mitigate this risk.

Affected Version(s)

Stockholm Core <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/stoc...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68067 : PHP Remote File Inclusion Vulnerability in Select-Themes Stockholm Core Plugin