PHP Local File Inclusion in Select-Themes Struktur by WordPress
CVE-2025-69407

8.1HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
20 February 2026

What is CVE-2025-69407?

The vulnerability in the Struktur theme for WordPress arises from improper control of the filename in 'include' or 'require' statements, leading to potential Local File Inclusion (LFI) attacks. This allows attackers to access sensitive files on the server, which can result in unauthorized data exposure or server compromise. The affected versions are from n/a to 2.5.1, highlighting the importance of updating to prevent exploitation.

Affected Version(s)

Struktur 0 <= 2.5.1

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
.