CVE-2025-67936
CVE-2025-67936 applies to Curly (WordPress Curly theme) prior to version 3.3, which is affected by an Unauthenticated Local File Inclusion due to improper control of the filename used in Include/Require statements. Wordfence reports this as the Curly