CVE-2025-53247
BaseFortify
Publication date: 2025-08-28
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | blogmarks_theme | 1.0.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper control of the filename used in include or require statements in PHP within the WPInterface BlogMarks plugin. It allows PHP Local File Inclusion, meaning an attacker can trick the application into including unintended files on the server, potentially leading to unauthorized code execution or information disclosure.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized disclosure of sensitive information, execution of arbitrary code, and complete compromise of the affected system. It can lead to data breaches, service disruption, and loss of system integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it may lead to unauthorized access or disclosure of sensitive personal or health information, violating data protection and privacy requirements.