CVE-2025-28946
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28946 is a Local File Inclusion (LFI) vulnerability in the WordPress PrintXtore theme up to version 1.7.5. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive files such as those containing database credentials, potentially leading to full database takeover depending on the siteβs configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive files like database credentials, which may lead to full database takeover. Since it requires no authentication to exploit, attackers can widely exploit it to compromise the website, potentially leading to data breaches, loss of data integrity, and service availability issues. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can be done by monitoring web server logs for suspicious requests attempting to include local files via the PrintXtore theme. Since the vulnerability allows unauthenticated attackers to include local files, look for HTTP requests with parameters that include file paths or attempts to access sensitive files. Additionally, using the Patchstack virtual patch can help block attack attempts and thus serve as a detection mechanism. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks attack attempts without impacting website performance. Since no official patch is currently available, using this virtual patch is critical. It is also recommended to perform professional incident response and server-side malware scanning if a compromise is suspected. Avoid relying solely on plugin-based malware scanners as they can be tampered with. [1]