PHP Remote File Inclusion Vulnerability in Edge-Themes Overworld Theme
CVE-2025-69050

8.1HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
22 January 2026

What is CVE-2025-69050?

The Edge-Themes Overworld theme for WordPress is vulnerable to a PHP Remote File Inclusion (RFI) issue that allows attackers to exploit improper control of filename in include/require statements. This vulnerability can lead to local file inclusion, compromising the security of affected websites. Site owners using Overworld version 1.3 or earlier should take immediate action to apply security updates to prevent potential exploitation.

Affected Version(s)

Overworld 0 <= 1.3

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds | Patchstack Bug Bounty Program
.