CVE-2025-69074
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ancorathemes | pearson_specter | From 1.0.0 (inc) to 1.11.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69074 is a Local File Inclusion (LFI) vulnerability in the WordPress Pearson Specter Theme (versions up to 1.11.3). It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename input in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to further compromise of the website. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to access and display sensitive local files on your website, including database credentials. Depending on your website's configuration, exploitation could lead to a complete database takeover, resulting in data loss, unauthorized access, and potential full compromise of your website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for attempts to exploit the Local File Inclusion vulnerability by looking for unusual HTTP requests targeting the vulnerable theme, especially those attempting to include local files. Specific commands are not provided in the resources, but network administrators can use web server logs to search for suspicious URL patterns related to file inclusion attempts. Additionally, deploying the Patchstack mitigation rule can help detect and block exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack mitigation rule that blocks attacks targeting this Local File Inclusion vulnerability. Since no official patch is currently available for the Pearson Specter theme, using this mitigation rule provides immediate protection until an official fix is released. It is also recommended to monitor and restrict access to sensitive files and consider disabling or replacing the vulnerable theme if possible. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to include and display local files from the target website, potentially exposing sensitive information such as database credentials. This exposure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information. Therefore, exploitation of this vulnerability may result in violations of these standards due to unauthorized data disclosure. [1]