CVE-2025-69387
Local File Inclusion in Simple Retail Menus
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | simple_retail_menus | to 4.2.1 (inc) |
| whatwouldjessedo | simple_retail_menus | to 4.2.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69387 is a Local File Inclusion (LFI) vulnerability in the WordPress Simple Retail Menus Plugin versions up to and including 4.2.1.
This vulnerability allows an attacker to include and display local files from the target website, potentially exposing sensitive information such as database credentials.
Exploitation requires a privileged user to interact with a malicious link, crafted page, or form, but no authentication is needed for the initial exploitation.
It is classified under OWASP Top 10 A3: Injection and has a high severity with a CVSS score of 7.5.
How can this vulnerability impact me?
This vulnerability can lead to exposure of sensitive files on the target website, including database credentials.
If exploited, it may result in unauthorized access to sensitive information and potentially a database takeover depending on the website's configuration.
The attack requires user interaction by a privileged user, which means social engineering or tricking such a user is part of the exploitation process.
No official patch is currently available, so immediate mitigation or blocking rules are recommended to prevent exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a Local File Inclusion (LFI) issue in the Simple Retail Menus WordPress plugin up to version 4.2.1, which can be exploited by an attacker to include local files via crafted requests.
Detection can involve monitoring web server logs for suspicious requests that attempt to include local files, such as requests containing file path traversal patterns or unusual parameters targeting the plugin.
While no specific commands are provided in the resources, typical detection commands might include searching web server logs for suspicious URL patterns. For example, using grep on Apache or Nginx logs to find requests with suspicious parameters:
- `grep -i 'simple-retail-menus' /var/log/apache2/access.log | grep -E '(\.|\/)\.{1,2}(/|\\)'`
- `grep -i 'simple-retail-menus' /var/log/nginx/access.log | grep -E '(\.|\/)\.{1,2}(/|\\)'`
Additionally, monitoring for unexpected file inclusion attempts or unusual user activity involving privileged users clicking suspicious links or submitting forms related to the plugin can help detect exploitation attempts.
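The grep pipelines above only see the raw request line, so a percent-encoded traversal sequence slips past them. The following script is an added example (not part of this advisory or of Patchstack's tooling) that parses Apache/Nginx combined-format log lines, percent-decodes the request target, and flags requests that both reference the plugin slug and contain a traversal sequence; the log lines are constructed samples, and the parameter name `tpl` is a placeholder because the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Combined log format as written by Apache and Nginx: client, ident, user, [time],
# "method target protocol", status, ... (the remaining fields are not needed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# "../" or "..\" anywhere in the decoded target; checked after decoding so that
# percent-encoded variants (%2e%2e%2f) are caught as well.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')
PLUGIN_MARKER = "simple-retail-menus"  # the plugin slug, which appears in its URLs


def decode_target(target: str) -> str:
    """Percent-decode twice so double-encoded sequences (%252e%252e%252f) are visible too."""
    return unquote(unquote(target)).lower()


def is_suspicious(line: str):
    """Return (client_ip, decoded_target) when the request references the plugin and
    carries a traversal sequence; None for benign or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_target(m.group("target"))
    if PLUGIN_MARKER not in target or not TRAVERSAL_RE.search(target):
        return None
    return m.group("ip"), target


def scan(lines):
    """Run is_suspicious over an iterable of log lines and collect the hits."""
    return [hit for hit in map(is_suspicious, lines) if hit]


# Constructed sample lines (not real traffic). The parameter name "tpl" is a
# placeholder: the advisory does not name the vulnerable parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Feb/2026:10:00:01 +0000] "GET /wp-content/plugins/simple-retail-menus/assets/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Feb/2026:10:00:02 +0000] "GET /wp-admin/admin.php?page=simple-retail-menus&tpl=../../some-file.txt HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - - [20/Feb/2026:10:00:03 +0000] "GET /wp-admin/admin.php?page=simple-retail-menus&tpl=%2e%2e%2f%2e%2e%2fsome-file.txt HTTP/1.1" 200 0 "-" "curl/8.0"',
    '192.0.2.9 - - [20/Feb/2026:10:00:04 +0000] "GET /index.php?p=../../x HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"{ip} -> {target}")
```

Only the two plugin requests carrying a traversal sequence are reported; the traversal attempt against an unrelated path and the unparseable line are ignored.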
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying any available mitigation rules provided by Patchstack to block attack attempts targeting this vulnerability.
Since no official patch is currently available, it is advised to implement web application firewall (WAF) rules or other security controls to block requests attempting to exploit the Local File Inclusion vulnerability.
Additionally, restrict access to the affected plugin or disable it temporarily if possible, and educate privileged users to avoid clicking suspicious links or submitting untrusted forms.
Monitoring and logging should be enhanced to detect any exploitation attempts early.