CVE-2025-59588
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pencidesign | soledad | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Soledad Theme up to version 8.6.8. It allows a malicious user with contributor-level privileges to include and display local files from the website. These files may contain sensitive information such as database credentials, potentially leading to a complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to access sensitive files on the server, including those containing database credentials. This could lead to a full database takeover, compromising the confidentiality, integrity, and availability of the website and its data. However, exploitation is considered unlikely and the vulnerability has a low patch priority. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if your WordPress site is running Soledad Theme version 8.6.8 or earlier. Additionally, monitoring for unusual file inclusion attempts or access to sensitive local files in web server logs may help. Since the vulnerability allows inclusion of local files by users with contributor-level privileges, reviewing user activity and access logs for suspicious behavior is recommended. Specific commands are not provided in the resources, but general approaches include searching web server logs for suspicious requests and scanning the site for the vulnerable theme version. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Soledad Theme to version 8.6.9 or later, where the vulnerability is fixed. If updating is not immediately possible, applying virtual patching (vPatching) offered by Patchstack can help mitigate the vulnerability rapidly. Additionally, it is recommended to perform professional incident response and server-side malware scanning if compromise is suspected. [1]