CVE-2025-14430
📋 TL;DR
This CVE describes a PHP Local File Inclusion (LFI) vulnerability in the Brook WordPress theme: a request-controlled value reaches a PHP include/require statement without adequate validation (CWE-98, improper control of the filename for include/require), so an attacker can make the server include arbitrary local files. Depending on which files are readable and whether the attacker can get PHP code onto the disk (for example via an upload), this yields disclosure of sensitive files or execution of attacker-supplied PHP. All WordPress sites running affected versions of the Brook theme are exposed.
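The pattern behind this class of bug, shown as an added example that is not Brook's code and does not reproduce the theme's actual entry point: the directory layout, the template parameter and the allowlist are all assumptions made for the demonstration. The vulnerable resolver concatenates request input into an include path; the hardened resolver restricts the input to a bare name, checks it against an allowlist, and verifies with realpath() that the resolved file still lies inside the templates directory.

```php
<?php
// Added example (not Brook's code): the CWE-98 include pattern behind a PHP
// LFI, beside a hardened resolver. Paths and parameter names are illustrative.

declare(strict_types=1);

// Constructed demo theme layout under the system temp dir (not a real theme).
$themeDir = sys_get_temp_dir() . '/lfi-demo-theme';
@mkdir($themeDir . '/templates', 0700, true);
file_put_contents($themeDir . '/templates/single.php', "<?php echo 'single';\n");
file_put_contents($themeDir . '/secret.txt', "not a template\n");

// VULNERABLE: the request parameter reaches the include path unchecked.
// "../" escapes the templates directory, and a stream wrapper such as
// php://filter can turn the include into source disclosure.
function vulnerable_template_path(string $themeDir, string $requested): string
{
    return $themeDir . '/templates/' . $requested . '.php';
}

// HARDENED: accept only a bare template name, require it to be on an
// allowlist, and confirm the resolved real path stays inside the templates
// directory. The caller then does: include $path;
function safe_template_path(string $themeDir, string $requested, array $allowed): ?string
{
    // Letters, digits, dash, underscore only: no slashes, dots, null bytes,
    // or "scheme://" wrappers can get through this pattern.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $base = realpath($themeDir . '/templates');
    $path = realpath($themeDir . '/templates/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // missing file or unresolvable path
    }
    // Containment check: the resolved path must start with base + separator.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$allowed = ['single', 'archive'];
$inputs = [
    'single',
    '../secret',
    '../../../../etc/passwd',
    'php://filter/convert.base64-encode/resource=../functions',
];

foreach ($inputs as $in) {
    $v = vulnerable_template_path($themeDir, $in);
    $s = safe_template_path($themeDir, $in, $allowed);
    printf("%-60s\n  vulnerable -> %s\n  hardened   -> %s\n", $in, $v, $s ?? 'REJECTED');
}
```

The allowlist is what actually closes the hole; the realpath containment check is defence in depth for the case where a later edit loosens the name pattern. Note that realpath() on a path containing a null byte or a wrapper prefix returns false, which the hardened function treats as a rejection.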
💻 Affected Systems
- ThemeMove Brook - Agency Business Creative WordPress Theme
📦 What is this software?
Brook is a commercial agency/business/creative WordPress theme sold by ThemeMove through ThemeForest.
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, sensitive file disclosure (including configuration files, database credentials), and complete site takeover.
Likely Case
Sensitive file disclosure (wp-config.php, /etc/passwd), limited code execution through existing PHP files, and potential privilege escalation.
If Mitigated
With open_basedir confining PHP to the web root and no writable location an attacker can plant PHP in, impact is reduced to disclosure of files inside the web root. Note that wp-config.php normally lives there, so database credentials can still be read unless the file has been moved outside the web root.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability. Public exploit details are available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.9.0 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check whether a Brook theme update is available.
4. Update to version 2.9.0 or later.
5. Alternatively, download the updated theme from ThemeForest and manually replace the theme files.
🔧 Temporary Workarounds
Disable vulnerable theme
Switch to a different WordPress theme until the patch can be applied. Activating another theme deactivates Brook; WP-CLI has no "deactivate" subcommand for single-site installs. Because theme PHP files can still be requested directly while the theme directory remains on disk, delete the theme rather than merely switching away from it.
wp theme activate twentytwentyfour
wp theme delete brook
Restrict file inclusion
Confine PHP to the web root so that include() cannot reach files outside it. The directives below are for mod_php in an Apache vhost or directory block; for PHP-FPM the equivalent is php_admin_value[open_basedir] in the pool configuration. Include the upload and session temp directories in open_basedir (for example /var/www/html:/tmp) or uploads will break. allow_url_include Off blocks remote (http://, ftp://) inclusion only; it does not stop local traversal.
php_admin_value open_basedir /var/www/html
php_admin_value allow_url_include Off
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules that block traversal sequences (../, URL-encoded %2e%2e) and stream wrappers (php://, data:) in requests to the theme's PHP files
- Restrict file permissions and implement strict file upload controls
🔍 How to Verify
Check if Vulnerable:
In Appearance > Themes, open the Brook theme and read its version; anything below 2.9.0 is affected.
Check Version:
wp theme list --fields=name,version | grep -i brook
Verify Fix Applied:
Confirm the theme version is 2.9.0 or higher. Then, against a staging copy, replay the traversal requests seen in your logs and confirm the response no longer contains file contents.
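For hosts without WP-CLI, the theme version can be read from the Version: header of the theme's style.css. The following is an added example, not part of the advisory: it assumes the theme directory is named brook and, when run without an argument, builds a constructed style.css in a temp directory so it can be tried offline.

```php
<?php
// Added example (not from the advisory): read the theme's style.css header and
// compare its Version: field against the fixed release. Assumes the theme
// directory is named "brook"; pass the real path as the first argument.

declare(strict_types=1);

const FIXED_VERSION = '2.9.0';

function theme_version_from_stylesheet(string $css): ?string
{
    // WordPress theme headers live in the leading comment block, e.g.
    //   Version: 2.8.1
    if (preg_match('/^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.+-]*)/mi', $css, $m)) {
        return $m[1];
    }
    return null;
}

function brook_status(string $themeDir): string
{
    $css = @file_get_contents($themeDir . '/style.css');
    if ($css === false) {
        return 'not-installed';
    }
    $v = theme_version_from_stylesheet($css);
    if ($v === null) {
        return 'unknown-version (no Version: header)';
    }
    return version_compare($v, FIXED_VERSION, '>=') ? "patched ($v)" : "VULNERABLE ($v)";
}

// Constructed header for a self-contained run; in practice point $dir at
// /var/www/html/wp-content/themes/brook (path is an assumption).
$dir = $argv[1] ?? sys_get_temp_dir() . '/brook-version-demo';
if (!isset($argv[1])) {
    @mkdir($dir, 0700, true);
    file_put_contents($dir . '/style.css', "/*\nTheme Name: Brook\nVersion: 2.8.1\n*/\n");
}
echo brook_status($dir), "\n";
```

version_compare() handles suffixes such as 2.9.0-beta correctly, which a plain string comparison would not.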
📡 Detection & Monitoring
Log Indicators:
- Unusual file path parameters in HTTP requests
- Multiple requests with ../ patterns
- Requests to theme files with unusual parameters
Network Indicators:
- HTTP requests containing file inclusion patterns (../../etc/passwd), including URL-encoded and double-encoded forms (%2e%2e%2f, %252e%252e%252f) and stream wrappers (php://filter, data:)
- Unusual file extensions in theme-related URLs
SIEM Query:
source="web_access.log" AND uri="*brook*" AND (uri="*..*" OR uri="*%2e%2e*" OR uri="*php://*" OR uri="*data:*")
Match on a URL-decoded URI field where your platform provides one; otherwise keep the encoded variants in the query, since attackers routinely encode the traversal sequence.