Local File Inclusion Vulnerability in Axiomthemes Racquet Theme
CVE-2025-69369

8.1HIGH

Key Information:

Vendor: WordPress
Status: Racquet
Vendor: CVE Published:; 2 June 2026

What is CVE-2025-69369?

The Axiomthemes Racquet theme is affected by a vulnerability that allows for PHP Local File Inclusion, resulting from improper control of filenames in the Include/Require statement. This flaw can be exploited by attackers to execute arbitrary PHP code through crafted requests, potentially leading to unauthorized access or data breaches. Users of Racquet versions 1.12.0 and below are advised to take immediate action to secure their installations.

Affected Version(s)

Racquet <= 1.12.0

References

https://patchstack.com/database/wordpress/theme/racquet/v...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program

CVE-2025-69369 Data

JSON

WordPress

What is CVE-2025-69369?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit