PHP Local File Inclusion in Select-Themes Struktur by WordPress
CVE-2025-69407
8.1HIGH
What is CVE-2025-69407?
The vulnerability in the Struktur theme for WordPress arises from improper control of the filename in 'include' or 'require' statements, leading to potential Local File Inclusion (LFI) attacks. This allows attackers to access sensitive files on the server, which can result in unauthorized data exposure or server compromise. The affected versions are from n/a to 2.5.1, highlighting the importance of updating to prevent exploitation.
Affected Version(s)
Struktur 0 <= 2.5.1
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program