CVE-2025-69058
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-29

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through <= 1.1.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69058
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ancorathemes partymaker to 1.1.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69058 is a Local File Inclusion (LFI) vulnerability in the WordPress PartyMaker Theme (versions up to 1.1.15). It allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive information such as database credentials and is classified under OWASP Top 10 category A3: Injection. [1]

Impact Analysis

This vulnerability can allow attackers to access and display sensitive files on the affected website, potentially exposing critical information like database credentials. Depending on the website's configuration, exploitation could lead to a complete database takeover, severely compromising the security and integrity of the website. [1]

Mitigation Strategies

Since no official fix is currently available for the PartyMaker theme, it is recommended to apply the mitigation rule issued by Patchstack to block attacks exploiting this Local File Inclusion vulnerability. Immediate mitigation or resolution is advised to protect affected websites until an official patch is released. [1]

Compliance Impact

The vulnerability allows unauthenticated attackers to include local files and potentially expose sensitive information such as database credentials, which could lead to a complete database takeover. This exposure of sensitive data can result in non-compliance with data protection regulations like GDPR and HIPAA, as it compromises the confidentiality and integrity of personal and protected health information. Therefore, affected systems may be at risk of violating these standards if the vulnerability is exploited. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart