WordPress The Wound Theme <= 0.0.1 - Local File Inclusion

The-wound WordPress theme through 0.0.1 contains a local file inclusion caused by insufficient validation of parameters used to generate paths passed to include functions, letting unauthenticated users perform LFI attacks and download arbitrary files from the server. id: CVE-2025-2558 info: name:...

WordPress The Wound theme <= 0.0.1 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by Aly Khaled in WordPress Theme The Wound versions = 0.0.1...

CVE-2025-2558

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server...

CVE-2025-2558 The Wound <= 0.0.1 - Unauthenticated LFI

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server...

CVE-2025-2558

CVE-2025-2558 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme The Wound (versions

WordPress plugin the-wound 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...