CVE-2025-58892
📋 TL;DR
This CVE describes a PHP Local File Inclusion vulnerability in the Tourimo WordPress theme that allows attackers to include arbitrary local files via improper filename control in include/require statements. Attackers can read sensitive files like configuration files or potentially execute code. All WordPress sites using Tourimo theme version 1.2.3 or earlier are affected.
💻 Affected Systems
- AncoraThemes Tourimo WordPress Theme
📦 What is this software?
Tourimo by Ancorathemes
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and persistent backdoor installation.
Likely Case
Sensitive file disclosure including wp-config.php with database credentials, potentially leading to database compromise.
If Mitigated
Limited impact with proper file permissions and security controls preventing file inclusion outside web root.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability. Public proof-of-concept exists showing file inclusion via manipulated parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.4 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/tourimo/vulnerability/wordpress-tourimo-theme-1-2-3-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check if Tourimo theme update is available. 4. Update to version 1.2.4 or later. 5. Alternatively, download latest version from AncoraThemes and manually update.
🔧 Temporary Workarounds
Disable Tourimo Theme
allSwitch to a different WordPress theme until patch can be applied
wp theme activate twentytwentyfour
wp theme deactivate tourimo
Web Application Firewall Rule
allBlock requests containing path traversal sequences in Tourimo theme parameters
🧯 If You Can't Patch
- Implement strict file permissions (644 for files, 755 for directories) to limit readable files
- Deploy web application firewall with rules blocking ../ sequences and file inclusion patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Tourimo theme version. If version is 1.2.3 or earlier, system is vulnerable.Check Version:
wp theme list --name=tourimo --field=versionVerify Fix Applied:
Verify Tourimo theme version is 1.2.4 or later in WordPress admin panel. Test file inclusion attempts should fail.📡 Detection & Monitoring
Log Indicators:
- HTTP requests to tourimo theme files with ../ sequences in parameters
- Multiple 200 responses for unexpected file types (php, txt, ini)
Network Indicators:
- HTTP GET requests containing path traversal patterns (../, ..\) to theme files
- Unusual file downloads from WordPress theme directories
SIEM Query:
source="web_access.log" AND uri="*tourimo*" AND (param="*../*" OR param="*..\\*")