CVE-2025-69383
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion in WP Shop ≀ 2.6.1 Enables Code Execution

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-05-07
AI Q&A
2026-02-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-69383
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eoxia wpshop 2.6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-69383 is a Local File Inclusion (LFI) vulnerability in the WordPress WP shop Plugin versions up to and including 2.6.1. It allows an attacker to include and display local files from the target website, potentially exposing sensitive information such as database credentials.

Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form. The vulnerability is classified under OWASP Top 10 category A3: Injection.


How can this vulnerability impact me? :

[{'type': 'paragraph', 'content': 'This vulnerability can lead to the exposure of sensitive information stored on the server, including database credentials, by allowing attackers to include and view local files.'}, {'type': 'paragraph', 'content': "Successful exploitation requires a privileged user's action, but once exploited, it can compromise the confidentiality of critical data and potentially lead to further attacks on the affected website."}, {'type': 'paragraph', 'content': 'The vulnerability has a high severity level with a CVSS score of 7.5.'}] [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The provided resources do not include specific commands or methods to detect this Local File Inclusion (LFI) vulnerability on your network or system.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is available.

Since no official patch is currently available, it is recommended to use automated protection solutions provided by Patchstack to secure affected websites.

Additionally, restricting privileged user interactions that could trigger exploitation (such as clicking malicious links or submitting crafted forms) can help reduce risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart