CVE-2025-63017
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fuelthemes | werkstatt_plugin | to 1.6.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-63017 is a Local File Inclusion (LFI) vulnerability in the WordPress WerkStatt Plugin versions up to and including 1.6.6. It allows an attacker with contributor or developer privileges to include and display local files from the target website. These files may contain sensitive information such as database credentials, potentially leading to a complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to access and display sensitive local files on the website, which may include database credentials. This could lead to a complete database takeover, compromising the confidentiality and integrity of the website's data and potentially causing significant security breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion (LFI) vulnerability can involve checking for unusual file inclusion behavior in the WerkStatt Plugin, especially attempts to include local files via PHP include/require statements. Since the vulnerability allows an attacker with contributor or developer privileges to include local files, monitoring web server logs for suspicious requests that attempt to include files or contain directory traversal patterns (e.g., ../) can help detect exploitation attempts. Specific commands might include using grep on web server logs to find suspicious parameters, for example: grep -i 'include' /var/log/apache2/access.log or grep -E '\.\./' /var/log/apache2/access.log. Additionally, scanning the plugin files for vulnerable code patterns related to improper control of filename in include/require statements can be done using code analysis tools or grep commands searching for include or require statements with user input. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting contributor or developer privileges to trusted users only, as exploitation requires such privileges. Since no official fix or patched version is currently available, it is recommended to disable or remove the WerkStatt Plugin if possible until a patch is released. Additionally, monitoring and logging for suspicious file inclusion attempts should be enhanced. Applying web application firewall (WAF) rules to block attempts to exploit Local File Inclusion vulnerabilities can also help mitigate risk. Regular backups and limiting file permissions on the server to prevent unauthorized file access are advisable. [1]