CVE-2025-69383
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion in WP Shop ≀ 2.6.1 Enables Code Execution

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69383
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eoxia wpshop 2.6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69383 is a Local File Inclusion (LFI) vulnerability in the WordPress WP shop Plugin versions up to and including 2.6.1. It allows an attacker to include and display local files from the target website, potentially exposing sensitive information such as database credentials.

Exploitation requires user interaction by a privileged user, such as clicking a malicious link, visiting a crafted page, or submitting a form. The vulnerability is classified under OWASP Top 10 category A3: Injection.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to the exposure of sensitive information stored on the server, including database credentials, by allowing attackers to include and view local files.'}, {'type': 'paragraph', 'content': "Successful exploitation requires a privileged user's action, but once exploited, it can compromise the confidentiality of critical data and potentially lead to further attacks on the affected website."}, {'type': 'paragraph', 'content': 'The vulnerability has a high severity level with a CVSS score of 7.5.'}] [1]

Compliance Impact

I don't know

Detection Guidance

The provided resources do not include specific commands or methods to detect this Local File Inclusion (LFI) vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is available.

Since no official patch is currently available, it is recommended to use automated protection solutions provided by Patchstack to secure affected websites.

Additionally, restricting privileged user interactions that could trigger exploitation (such as clicking malicious links or submitting crafted forms) can help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69383. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart