CVE-2025-28992
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress SNS Anton Theme up to version 4.1. It allows unauthenticated attackers to include and display local files from the target website by improperly controlling the filename used in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to exposure of sensitive information like database credentials and may result in a complete database takeover. This poses a high risk to the affected website's confidentiality, integrity, and availability. Automated attacks are expected to target this vulnerability widely, increasing the urgency for mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can be approached by monitoring web server logs for suspicious requests attempting to include local files via the SNS Anton theme. Since the vulnerability allows unauthenticated attackers to include local files, look for HTTP requests with parameters that reference local file paths or typical LFI payloads. Additionally, applying the Patchstack virtual patch can help block attack attempts and provide logs of such attempts. Specific commands are not provided in the resources, but monitoring access logs with tools like grep for suspicious patterns or using web application firewalls with LFI detection rules is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which blocks attack attempts targeting this Local File Inclusion vulnerability until an official fix is released. Users should also consider engaging professional incident response services if their sites have been compromised, as plugin-based malware scanners may not reliably detect infections. Monitoring and restricting access to vulnerable endpoints and keeping backups are also advisable until an official patch is available. [1]