CVE-2025-49883
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) flaw in the WordPress Greenmart theme (versions up to 4.2.3). It allows unauthenticated attackers to include and display local files from the target website. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. The vulnerability is classified under OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
Exploiting this vulnerability can allow attackers to access sensitive files on your website without any special privileges. This can lead to exposure of confidential data like database credentials and may result in a full database takeover. Because no authentication is required, the risk is high and the vulnerability is expected to be widely exploited, potentially causing severe damage to your website's security and data integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion (LFI) vulnerability can involve monitoring web server logs for suspicious requests attempting to include local files via the Greenmart theme. Specific commands are not provided in the resources, but typical detection methods include searching for URL parameters containing file inclusion patterns such as '../' or attempts to access sensitive files. Using web application scanners or tools that detect LFI vulnerabilities targeting Greenmart theme versions up to 4.2.3 is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Greenmart theme to version 4.2.4 or later, which contains the fix for this vulnerability. Until the update can be applied, applying the virtual patch provided by Patchstack to block attacks is advised. Additionally, monitoring for signs of compromise and considering professional incident response services if exploitation is suspected are recommended. [1]