CVE-2025-68552
Local File Inclusion in WooCommerce Coming Soon Product
Publication date: 2026-02-20
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webcodingplace | woo_coming_soon_product | From 5.0 (inc) |
| webcodingplace | woo_coming_soon_product_with_countdown | to 5.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68552 is a Local File Inclusion (LFI) vulnerability found in the WordPress WooCommerce Coming Soon Product with Countdown Plugin versions 5.0 and earlier.
This vulnerability allows an attacker to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements.
An attacker with subscriber-level privileges can exploit this flaw to access sensitive files on the server.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to exposure of sensitive information such as database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, an attacker could potentially take over the entire database."}, {'type': 'paragraph', 'content': 'This can result in severe security breaches including data theft, unauthorized access, and further compromise of the website.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability allows an attacker to include and display local files via the WooCommerce Coming Soon Product with Countdown Plugin versions 5.0 and earlier. Detection can involve monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) patterns targeting this plugin.'}, {'type': 'list_item', 'content': 'Check web server logs for requests containing suspicious parameters that include local file paths or traversal sequences (e.g., ../).'}, {'type': 'list_item', 'content': 'Use commands like grep to search access logs for common LFI payloads, for example: grep -iE "(\\.{2}/|etc/passwd|php://)" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'Employ web application firewall (WAF) logs or rules provided by Patchstack to detect and block exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The most effective immediate step is to update the WooCommerce Coming Soon Product with Countdown Plugin to version 5.1 or later, where this vulnerability is patched.
Until the update can be applied, users should implement the mitigation rules provided by Patchstack to block attacks targeting this vulnerability.
Enabling automatic vulnerability mitigation and auto-update features for affected plugins can also help reduce risk.
Additionally, monitor your systems for suspicious activity and restrict subscriber-level privileges where possible to limit exploitation potential.