CVE-2025-26592
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-26592 is a Local File Inclusion (LFI) vulnerability in the WordPress Inset Theme up to version 1.18.0. It allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filename in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, which can lead to unauthorized access and potentially a complete takeover of the website's database. It poses a high risk of mass exploitation by automated attacks targeting unpatched sites, making affected websites vulnerable to data breaches and service disruption. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards such as GDPR and HIPAA because it can lead to unauthorized disclosure of sensitive personal or protected health information. A data breach resulting from this vulnerability could result in violations of data protection regulations, leading to legal and financial consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can be challenging as plugin-based malware scanners are often unreliable. Patchstack recommends monitoring for attack attempts targeting the vulnerability, which typically involve requests attempting to include local files via the vulnerable PHP include/require statements. Specific detection commands are not provided in the resources. However, monitoring web server logs for suspicious requests containing file inclusion patterns (e.g., requests with parameters attempting to include files like ../../etc/passwd) can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which blocks attacks targeting this vulnerability without requiring changes to the theme code. Since no official fix or patched version is currently available, using this virtual patch is the recommended fast protection measure. Additionally, website owners should consider engaging professional incident response services if their sites have been compromised, and closely monitor for exploitation attempts. [1]