CVE-2025-68063
Deferred Deferred - Pending Action
Contributor Local File Inclusion in Splash Sport Club WordPress Theme

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2025-68063
EUVD
EUVD-2025-210358
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The Local File Inclusion (LFI) vulnerability in the Splash - Sport Club WordPress Theme could potentially expose sensitive files, such as database credentials, depending on the website's configuration.

Exposure of sensitive data through this vulnerability may lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information.

Therefore, if exploited, this vulnerability could negatively impact compliance with such standards by risking unauthorized access to protected data.

Executive Summary

The vulnerability is a Local File Inclusion (LFI) flaw found in the Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions 4.4.3 and below.

This security issue allows attackers to include and display local files from the target website, potentially exposing sensitive information.

The vulnerability has been fixed in version 4.4.4 of the theme.

Impact Analysis

Exploitation of this vulnerability could lead to the exposure of sensitive files on the affected website, such as database credentials, depending on the website's configuration.

This exposure can compromise the confidentiality, integrity, and availability of the website and its data.

The CVSS score of 7.5 indicates a moderate risk level, meaning the impact can be significant but requires certain conditions to be met.

Mitigation Strategies

The vulnerability affects Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions 4.4.3 and below.

To mitigate this vulnerability, users should update the theme to version 4.4.4 or later, where the issue has been patched.

Detection Guidance

This vulnerability affects the WordPress theme "Splash - Sport Club WordPress Theme for Basketball, Football, Hockey" versions 4.4.3 and below. Detection involves identifying if this vulnerable theme version is installed on your WordPress site.

To detect the presence of the vulnerable theme version, you can check the theme version via the WordPress admin dashboard or by inspecting the theme files on the server.

A simple command to check the theme version on the server (if you have shell access) is to look for the style.css file inside the theme directory and check its header for the version number. For example:

  • cat wp-content/themes/splash/style.css | grep Version

Alternatively, you can scan your web server for the presence of the vulnerable theme by requesting known theme files and checking their contents or version strings.

Since this is a Local File Inclusion vulnerability, network detection might involve monitoring for suspicious HTTP requests attempting to exploit LFI patterns targeting the theme, such as requests including local file paths in parameters related to the theme.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68063. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart