CVE-2025-68841
PHP Local File Inclusion in TopperPack β€ 1.2.1 Allows Code Execution
Publication date: 2026-02-20
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themepul | topper_pack | to 1.2.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-68841 is a Local File Inclusion (LFI) vulnerability in the WordPress plugin "TopperPack β Complete Elementor Addons, Theme & CPT Builder" versions up to and including 1.2.1.'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker to include local files from the target website and display their contents by exploiting improper control of filename for include/require statements in PHP.'}, {'type': 'paragraph', 'content': 'Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form.'}] [1]
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information such as database credentials by allowing attackers to include and view local files on the server.
This exposure can potentially lead to database takeover or further compromise of the affected system.
Because it is classified as a high severity issue with a CVSS score of 7.5 and listed under OWASP Top 10 A1: Broken Access Control, it poses a significant security risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for attempts to exploit Local File Inclusion (LFI) in the TopperPack plugin, such as unusual requests containing file path parameters or suspicious URL patterns that try to include local files.'}, {'type': 'paragraph', 'content': 'You can use web server access logs to search for suspicious requests that include file path traversal strings or attempts to include local files.'}, {'type': 'list_item', 'content': 'Use grep or similar tools to search for suspicious patterns in logs, for example: grep -iE "(\\.|\\./|etc/passwd|php://)" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'Monitor HTTP requests for parameters that include file paths or unusual input, e.g., using tools like Wireshark or network IDS with rules targeting LFI attempts.'}, {'type': 'paragraph', 'content': 'Since exploitation requires user interaction with crafted links or forms, monitoring user activity and web application logs for unexpected behavior can also help detect attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability until an official patch is released.
Restrict access to the affected plugin and monitor for suspicious activity to prevent exploitation.
Advise privileged users to avoid clicking on untrusted links or submitting forms that could trigger the vulnerability.
Keep the plugin updated and apply any future patches as soon as they become available.