CVE-2025-28947
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28947 is a Local File Inclusion (LFI) vulnerability in the MBStore - Digital WooCommerce WordPress Theme up to version 2.3. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive files such as those containing database credentials, potentially leading to a complete database takeover depending on the server configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive files on the server, such as database credentials, which can lead to a complete takeover of the database. Attackers can exploit this flaw without authentication, increasing the risk of mass exploitation. This can result in data breaches, loss of data integrity, and availability issues on the affected website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can be done by monitoring for attack attempts that try to include local files via the vulnerable theme. Since automated exploitation is common, inspecting web server logs for suspicious requests targeting the MBStore theme with parameters attempting to include local files is recommended. However, plugin-based malware scanners may be unreliable for this vulnerability. Patchstack provides a virtual patch that blocks attack attempts, which can also help in detection by logging blocked attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying Patchstack's virtual patch (vPatch), which blocks attack attempts without requiring changes to the theme code. Since no official patch or fixed version is available yet, virtual patching is the fastest and most effective interim solution. Users should also monitor for updates and consider professional incident response services if compromise is suspected. [1]