Local File Inclusion Vulnerability in reDim GmbH CookieHint WP Plugin
CVE-2025-68870

7.5HIGH

Key Information:

Vendor: WordPress
Status: Cookiehint WP
Vendor: CVE Published:; 29 December 2025

What is CVE-2025-68870?

The reDim GmbH CookieHint WP plugin is susceptible to a Local File Inclusion vulnerability, which occurs due to improper handling of filenames for include or require statements in PHP. This flaw potentially permits attackers to include arbitrary files from the server, leading to unauthorized access to sensitive information. The affected versions include from n/a to 1.0.0, making it crucial for users to evaluate their installations for this security weakness and apply necessary updates to mitigate risks.

Affected Version(s)

CookieHint WP <= 1.0.0

References

https://vdp.patchstack.com/database/wordpress/plugin/cook...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2025
Vulnerability Reserved
Dec 24, 2025

Credit

Nguyen Xuan Chien | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-68870?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit