CVE-2025-28944
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28944 is a Local File Inclusion (LFI) vulnerability in the WordPress Avaz Theme versions up to and including 2.8. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, unauthorized access to local files, and potentially a complete takeover of the website's database. Because it can be exploited without authentication and has a high severity score (8.1), it poses a significant risk to affected websites, potentially leading to data breaches and loss of control over the site. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards and regulations such as GDPR and HIPAA because it can lead to unauthorized exposure of sensitive personal or protected health information. A data breach resulting from this vulnerability could violate data protection requirements, leading to legal and financial consequences under these regulations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for attack attempts that try to exploit the Local File Inclusion vulnerability. Since the vulnerability allows unauthenticated attackers to include local files, suspicious HTTP requests containing file inclusion patterns (e.g., requests with parameters including '../' or file paths) should be logged and analyzed. Patchstack recommends professional incident response and server-side malware scanning rather than relying on plugin-based malware scanners. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the virtual patch (vPatch) provided by Patchstack, which blocks attack attempts until an official fix is released. Since no official patch is currently available, applying this virtual patch is the recommended step. Additionally, professional incident response and server-side malware scanning are advised if a site is compromised. Avoid relying solely on plugin-based malware scanners as they can be tampered with by attackers. [1]