CVE-2025-58923
📋 TL;DR
This vulnerability allows attackers to include and execute arbitrary local files on servers running the Critique WordPress theme. Attackers can potentially read sensitive files or execute PHP code by manipulating file inclusion parameters. All WordPress sites using Critique theme version 1.17 or earlier are affected.
💻 Affected Systems
- WordPress Critique Theme
📦 What is this software?
Critique by Axiomthemes
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, sensitive file disclosure (including configuration files with database credentials), and complete site takeover.
Likely Case
Information disclosure of sensitive files (wp-config.php, /etc/passwd), limited code execution within web server context, and potential privilege escalation.
If Mitigated
Limited impact if proper file permissions are set, web server runs with minimal privileges, and security controls block unusual file access patterns.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability. No authentication required. Public exploit details available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.18 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/critique/vulnerability/wordpress-critique-theme-1-17-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check whether a Critique theme update is available.
4. Click 'Update Now' for the Critique theme.
5. Alternatively, download version 1.18 or later from the WordPress repository and manually replace the theme files.
🔧 Temporary Workarounds
Disable vulnerable theme
Temporarily switch to a default WordPress theme until the patch is applied:
wp theme activate twentytwentyfour
Web Application Firewall rule
Block requests containing local file inclusion patterns in theme files
🧯 If You Can't Patch
- Implement strict file permissions (644 for files, 755 for directories) and run web server with minimal privileges
- Deploy web application firewall with rules blocking ../ sequences and unusual file parameter values
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel under Appearance > Themes for the Critique theme version. If the version is 1.17 or lower, the site is vulnerable.
Check Version:
wp theme list --name=critique --field=version
Verify Fix Applied:
After update, verify Critique theme shows version 1.18 or higher in WordPress admin panel.
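The version check above can also be scripted for fleets of sites. The following is an added example (not from the advisory, Patchstack or Axiomthemes): it reads the standard "Version:" header that every WordPress theme declares in its style.css and compares it with the patched release. The theme path wp-content/themes/critique/style.css is an assumption based on the default theme directory layout, and the sample header text is constructed for illustration.

```python
"""Decide whether an installed Critique theme is at or above the patched version.

Added example. Assumes the default WordPress layout where the theme's
metadata lives in wp-content/themes/critique/style.css.
"""
import re
from pathlib import Path

PATCHED = (1, 18)  # first fixed release named in the advisory

# Hypothetical path; adjust to the real document root when running on a server.
STYLE_CSS = Path("wp-content/themes/critique/style.css")

# Constructed sample of a theme header, used when no real file is present.
SAMPLE_STYLE_CSS = """/*
Theme Name: Critique
Author: Axiomthemes
Version: 1.17
*/
"""


def parse_version(style_css_text: str):
    """Extract the 'Version:' header as a tuple of ints, or None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)",
                  style_css_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_vulnerable(version) -> bool:
    """True when the version is below 1.18; an unreadable version is treated
    as unpatched, because we cannot prove otherwise."""
    if version is None:
        return True
    return version < PATCHED


def check_theme(path: Path = STYLE_CSS) -> bool:
    """Read style.css from disk if it exists, else fall back to the sample."""
    text = path.read_text(encoding="utf-8") if path.exists() else SAMPLE_STYLE_CSS
    return is_vulnerable(parse_version(text))


if __name__ == "__main__":
    print("vulnerable" if check_theme() else "patched")
```

Tuple comparison handles point releases correctly: 1.17.3 still compares below 1.18, while 1.18 and 1.19 compare as patched.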
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to critique theme files with unusual file parameters
- PHP warnings about file inclusion failures
- Access to sensitive files like wp-config.php from web requests
Network Indicators:
- GET/POST requests containing ../ sequences or absolute paths in theme-related URLs
- Unusual file extensions in theme parameter requests
SIEM Query:
source="web_logs" AND (url="*critique*" AND (param="*../*" OR param="*/etc/*" OR param="*wp-config*"))
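The SIEM query above misses encoded payloads unless the platform normalises URLs first. The following is an added example (not from the advisory or either vendor) that applies the same log and network indicators to raw Apache/nginx combined-format log lines in Python: it repeatedly URL-decodes query values so double-encoded traversal sequences are caught, restricts matches to requests under the Critique theme directory, and reports every parameter carrying a traversal sequence, a reference to /etc/ or wp-config, a stream wrapper, or an absolute path. The advisory does not name the vulnerable endpoint or parameter, so the script inspects every query parameter; the file name example.php and parameter file in the constructed sample log are placeholders, not the real ones.

```python
"""Scan web-server access logs for the Critique LFI indicators listed above.

Added example. The log lines in SAMPLE_LOG are constructed; the endpoint
and parameter names in them are placeholders because the advisory does not
disclose the vulnerable request shape.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: ip ident user [time] "METHOD /url HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

THEME_PATH = "/wp-content/themes/critique/"  # assumption: default theme directory
SUSPICIOUS = ("../", "..\\", "/etc/", "wp-config", "php://", "file://")

# Constructed sample log; example.php and the 'file' parameter are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-content/themes/critique/style.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2025:12:00:02 +0000] "GET /wp-content/themes/critique/example.php?file=../../../../wp-config.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Oct/2025:12:00:03 +0000] "GET /wp-content/themes/critique/example.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024',
    '192.0.2.9 - - [10/Oct/2025:12:00:04 +0000] "GET /?s=hello HTTP/1.1" 200 4096',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo URL encoding until it stops changing, so %252e%252e%252f reads as ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url: str):
    """Return (name, decoded value) for each query parameter matching an indicator."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        v = fully_decode(value)
        if any(tok in v for tok in SUSPICIOUS) or v.startswith("/"):
            hits.append((name, v))
    return hits


def scan_log(lines):
    """Yield one finding per request to the theme directory with suspicious parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        ip, ts, method, url, status = m.groups()
        path = fully_decode(urlsplit(url).path)
        if THEME_PATH not in path:
            continue
        hits = suspicious_params(url)
        if hits:
            findings.append({"ip": ip, "time": ts, "method": method,
                             "path": path, "status": int(status), "params": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['path']} status={f['status']} params={f['params']}")
```

Feeding real access logs through scan_log gives the same view as the SIEM query, with the decoding step that most log platforms do not apply by default; a 200 status on a flagged request is the line worth escalating, since a 404 or 403 usually means the WAF or missing file already stopped it.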