CVE-2025-58953
Deferred Deferred - Pending Action
Unauthenticated Local File Inclusion in Joly <= 1.22.0

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-58953
EUVD
EUVD-2025-210219
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
joly joly to 1.23.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to include local files on the target website, potentially exposing sensitive data such as database credentials and leading to a complete database takeover.

Exposure of sensitive data due to this vulnerability could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Therefore, if exploited, this vulnerability could result in violations of these standards due to data breaches and unauthorized data exposure.

Executive Summary

CVE-2025-58953 is a Local File Inclusion (LFI) vulnerability found in the WordPress Joly Theme versions 1.22.0 and below. It allows unauthenticated attackers to include local files on the target website.

This means attackers can potentially access sensitive files on the server, such as configuration files or database credentials, without needing to log in or have any privileges.

Impact Analysis

The vulnerability can lead to severe impacts including exposure of sensitive data like database credentials.

Attackers can use this information to take over the entire database, compromising the integrity, confidentiality, and availability of the website's data.

Because the vulnerability is unauthenticated and has a high CVSS score of 8.1, it poses a high risk and can be exploited in mass campaigns targeting thousands of websites.

Detection Guidance

This vulnerability involves unauthenticated Local File Inclusion (LFI) in the WordPress Joly Theme versions 1.22.0 and below. Detection typically involves monitoring for suspicious HTTP requests attempting to include local files.

You can detect exploitation attempts by inspecting web server logs for requests containing typical LFI payloads such as directory traversal sequences (e.g., "../") or attempts to access sensitive files like "/etc/passwd".

Example commands to search for such attempts in Apache or Nginx logs:

  • grep -iE "(\.\./|etc/passwd|boot.ini)" /var/log/apache2/access.log
  • grep -iE "(\.\./|etc/passwd|boot.ini)" /var/log/nginx/access.log

Additionally, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to detect and alert on such LFI attack patterns.

Mitigation Strategies

The immediate and most effective mitigation is to update the WordPress Joly Theme to version 1.23.0 or later, where this vulnerability has been patched.

Until the update can be applied, it is recommended to implement the mitigation rule provided by Patchstack to block attack attempts targeting this vulnerability.

Additional mitigation steps include:

  • Restrict access to the vulnerable endpoints using web server configuration or firewall rules.
  • Monitor logs for suspicious activity and block offending IP addresses.
  • Use a Web Application Firewall (WAF) to detect and block LFI attack patterns.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58953. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart