PHP Remote File Inclusion Vulnerability in Docket Cache by Nawawi Jamili
CVE-2025-68506

Currently unrated

Key Information:

Vendor: WordPress
Status: Docket Cache
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68506?

The Docket Cache plugin by Nawawi Jamili is susceptible to a PHP Remote File Inclusion vulnerability, allowing attackers to exploit improper control of filename parameters in include/require statements. This may lead to unauthorized access to local files on the server, jeopardizing the integrity and security of WordPress sites running affected versions. It is critical for users to update their Docket Cache plugin to the latest version to mitigate this significant security threat.

Affected Version(s)

Docket Cache <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/dock...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

Nguyen Xuan Chien | Patchstack Bug Bounty Program

JSON