CVE-2025-69125
Deferred - Pending Action
Unauthenticated Local File Inclusion in Food Drop

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Local File Inclusion in Food Drop versions <= 1.3.
Affected Vendors & Products
Vendor: patchstack
Product: food_drop
Version / Range: up to 1.3 (inclusive)
CWE
CWE-98: The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Executive Summary

The WordPress Food Drop Theme, versions 1.3 and below, contains a Local File Inclusion (LFI) vulnerability that allows unauthenticated attackers to include local files on the target website.

This means attackers can potentially access sensitive files on the server, such as database credentials, which can lead to a full database takeover.

The vulnerability is considered high severity with a CVSS score of 8.1.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive data stored on the server.

Attackers exploiting this flaw can obtain database credentials and potentially take over the entire database.

Such an attack can compromise the confidentiality, integrity, and availability of your website and its data.

Because the vulnerability is exploitable without authentication, it poses a high risk and can be targeted in widespread attacks.

Mitigation Strategies

The Food Drop WordPress theme versions 1.3 and below are affected by a high-priority Local File Inclusion vulnerability that allows unauthenticated attackers to include local files, potentially exposing sensitive data.

As there is no official patch available yet, immediate mitigation involves applying the temporary mitigation rule provided by Patchstack to block attacks until an official fix is released.

  • Update the Food Drop theme to a newer version once available.
  • Seek assistance from your hosting provider or a developer to apply the temporary mitigation rule.
  • Monitor your website for suspicious activity related to Local File Inclusion attempts.
Compliance Impact

The vulnerability allows unauthenticated attackers to include local files on the target website, potentially exposing sensitive data such as database credentials and enabling a full database takeover.

Exposure of sensitive data due to this vulnerability could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Organizations using the affected Food Drop theme versions should take immediate action to mitigate the risk to maintain compliance with these standards.

Detection Guidance

The available resources provide no specific detection method or commands for identifying this Local File Inclusion (LFI) vulnerability in Food Drop WordPress theme versions 1.3 and below.

However, typical detection approaches for LFI vulnerabilities include monitoring web server logs for suspicious requests attempting to include local files, such as those containing directory traversal patterns (e.g., ../) or requests targeting theme files with unusual parameters.

Since no official patch is available yet, applying the temporary mitigation rule provided by Patchstack and consulting with your hosting provider or developer is recommended.
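The log-monitoring approach described above, as an added example that is not part of this advisory or of Patchstack's mitigation rule: a small Python scanner that reads Apache combined-format access log lines, decodes repeated URL-encoding so that `%2e%2e%2f` and double-encoded variants collapse to `../`, and flags requests whose path or query parameters contain traversal sequences or well-known sensitive file names, with an extra note when the request targets a theme file. The sample log lines are constructed for the example; the theme slug `food-drop`, the script name `example.php` and the parameter name `template` are assumptions, since the advisory names no endpoint or parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache "combined" format; not real traffic.
# The theme path, script name and parameter name are hypothetical.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Jun/2026:10:00:01 +0000] "GET /wp-content/themes/food-drop/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [17/Jun/2026:10:00:02 +0000] "GET /wp-content/themes/food-drop/example.php?template=../../../../wp-config.php HTTP/1.1" 200 3200 "-" "curl/8.0"
203.0.113.12 - - [17/Jun/2026:10:00:03 +0000] "GET /wp-content/themes/food-drop/example.php?template=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1800 "-" "python-requests/2.31"
203.0.113.13 - - [17/Jun/2026:10:00:04 +0000] "GET /index.php?p=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.14 - - [17/Jun/2026:10:00:05 +0000] "GET /wp-content/themes/food-drop/example.php?template=%252e%252e%252fwp-config.php HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')          # "../" or "..\" after decoding
SENSITIVE_RE = re.compile(r'(wp-config\.php|/etc/passwd|\.ini$|\.log$)', re.I)
THEME_PREFIX = '/wp-content/themes/'                    # where theme files live in WordPress


def fully_decode(value, rounds=3):
    """Undo URL-encoding repeatedly so double-encoded traversal is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return the reasons a request target looks like an LFI attempt (empty if benign)."""
    reasons = []
    parts = urlsplit(target)
    decoded_path = fully_decode(parts.path)
    if TRAVERSAL_RE.search(decoded_path):
        reasons.append('traversal in path')
    # parse_qsl already decodes one layer; fully_decode handles further layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded_value = fully_decode(value)
        if TRAVERSAL_RE.search(decoded_value):
            reasons.append(f'traversal in parameter {name!r}')
        if SENSITIVE_RE.search(decoded_value):
            reasons.append(f'sensitive file name in parameter {name!r}')
    if reasons and decoded_path.startswith(THEME_PREFIX):
        reasons.append('request targets a theme file')
    return reasons


def scan_log(text):
    """Return (ip, timestamp, target, reasons) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in combined format
        reasons = inspect_request(match['target'])
        if reasons:
            hits.append((match['ip'], match['ts'], match['target'], reasons))
    return hits


if __name__ == '__main__':
    for ip, ts, target, reasons in scan_log(SAMPLE_LOG):
        print(f'{ts} {ip} {target}\n    ' + '; '.join(reasons))
```

Three of the five constructed lines are flagged (the plain, single-encoded and double-encoded traversal requests); the stylesheet request and the ordinary `index.php?p=42` request pass. The decode loop is the important design choice: matching on the raw request line alone would miss the `%2e%2e%2f` and `%252e` forms, and a WAF rule or SIEM search should likewise normalise before matching.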
