CVE-2025-54716

CVE-2025-54716 is a local file inclusion vulnerability in WordPress themes: Ireca (WordPress Theme, versioned up to 1.8.5). The underlying issue is Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion), enabling LFI. Affected product: Ireca