CVE-2025-58894

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to include local PHP files through improper filename control in the Good Mood WordPress theme. Attackers can potentially read sensitive files or execute arbitrary code. All WordPress sites using Good Mood theme version 1.16 or earlier are affected.

💻 Affected Systems

Products:
  • axiomthemes Good Mood WordPress Theme
Versions: All versions up to and including 1.16
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Good Mood theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, and website defacement.

🟠 Likely Case: Local file inclusion allowing sensitive file disclosure (like wp-config.php) and limited code execution.

🟢 If Mitigated: No impact if proper file permissions and web server configurations prevent PHP execution in sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting specific HTTP requests with file path parameters. Public exploit details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.17 or later

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/good-mood/vulnerability/wordpress-good-mood-theme-1-16-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for a Good Mood theme update.
4. Apply the update to version 1.17+.
5. Clear the cache if using caching plugins.

🔧 Temporary Workarounds

Disable vulnerable theme

all

Switch to default WordPress theme until patch is applied

wp theme activate twentytwentyfour

Web Application Firewall rule

all

Block requests containing local file inclusion patterns

🧯 If You Can't Patch

  • Remove the Good Mood theme completely and use an alternative theme
  • Implement strict file permissions (644 for files, 755 for directories) and disable PHP execution in the uploads directory

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Good Mood theme version 1.16 or earlier

Check Version:

wp theme list --name=good-mood --field=version

Verify Fix Applied:

Confirm Good Mood theme version is 1.17 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with suspicious file path parameters like ../../../etc/passwd or wp-config.php
  • PHP warnings about failed file inclusions

Network Indicators:

  • Unusual GET/POST requests to theme files with file path parameters
  • Traffic patterns suggesting directory traversal attempts

SIEM Query:

source="web_server" AND (uri="*good-mood*" AND (param="*../*" OR param="*php*"))
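
The log indicators above can also be checked offline against web server access logs. The following is an added example, not code from the vendor or the advisory: it flags requests whose path mentions the theme slug and whose query parameters, after repeated percent-decoding, contain a traversal sequence or a sensitive file name. The log lines, the `example.php` file name and the `placeholder_param` parameter name are constructed placeholders, not the actual vulnerable endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of an Apache/nginx "combined" access-log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Indicators taken from the "Log Indicators" list on this page.
SUSPICIOUS = ("../", "..\\", "/etc/passwd", "wp-config.php")
THEME_SLUG = "good-mood"

# Constructed sample lines (documentation IP ranges, placeholder file and parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /wp-content/themes/good-mood/'
    'example.php?placeholder_param=../../../etc/passwd HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /wp-content/themes/good-mood/'
    'example.php?placeholder_param=%252e%252e%252fwp-config.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /wp-content/themes/good-mood/'
    'style.css?ver=1.16 HTTP/1.1" 200 2048 "-" "-"',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded '../' are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_line(line):
    """Return [(parameter, decoded value), ...] for matching parameters, else []."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    if THEME_SLUG not in fully_decode(parts.path).lower():
        return []
    hits = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw).lower()
        if any(pattern in value for pattern in SUSPICIOUS):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(flag_line(entry))
```

Access logs normally omit POST bodies, so requests that carry the path in a POST body need WAF or application-level logging to be seen.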
