CVE-2025-58942
📋 TL;DR
This CVE describes a PHP Local File Inclusion vulnerability in the Dwell WordPress theme by axiomthemes. Attackers can include arbitrary local files through improper filename control in PHP include/require statements, potentially leading to sensitive information disclosure or code execution. All WordPress sites using Dwell theme version 1.7.0 or earlier are affected.
💻 Affected Systems
- axiomthemes Dwell WordPress Theme
📦 What is this software?
Dwell by Axiomthemes
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through inclusion of malicious PHP files leading to remote code execution, data exfiltration, and complete site takeover.
Likely Case
Sensitive file disclosure (configuration files, database credentials, source code) and limited code execution within web server context.
If Mitigated
Information disclosure limited to publicly accessible files only, with no code execution possible.
🎯 Exploit Status
Exploitation requires knowledge of vulnerable endpoints but is straightforward once identified. Public exploit details are available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.1 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/dwell/vulnerability/wordpress-dwell-theme-1-7-0-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check if Dwell theme update is available.
4. Update to version 1.7.1 or later.
5. If no update available, switch to default theme and remove Dwell theme.
🔧 Temporary Workarounds
Disable vulnerable theme
all: Switch to default WordPress theme to remove attack surface
wp theme activate twentytwentyfour
wp theme delete dwell
Restrict PHP file inclusion
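linux: Add .htaccess rules to block file inclusion patterns. The rule below only matches query strings that contain the literal words include or require followed by .php, so treat it as a stopgap until the theme is updated.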
RewriteEngine On
RewriteCond %{QUERY_STRING} (.*)(include|require)(.*)\.php [NC]
RewriteRule .* - [F,L]
🧯 If You Can't Patch
- Switch to alternative WordPress theme immediately
- Implement web application firewall rules to block file inclusion patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress theme version in Appearance > Themes or use: wp theme list --fields=name,status,version | grep dwell
Check Version:
wp theme list --fields=name,version | grep dwell
Verify Fix Applied:
Confirm Dwell theme version is 1.7.1 or later using: wp theme list --fields=name,version | grep dwell
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in PHP error logs
- HTTP requests with include/require parameters targeting local paths
- Access to sensitive files like /etc/passwd, wp-config.php
Network Indicators:
- HTTP requests with file inclusion parameters (include=, require=, file=)
- Traffic to theme-specific endpoints with path traversal patterns
SIEM Query:
web.url:*dwell* AND (web.query:*include* OR web.query:*require* OR web.query:*file*) AND web.query:*..*
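The same three conditions as the SIEM query, applied to web server access log lines after percent-decoding so that encoded traversal sequences are also matched. This is an added example, not part of the advisory; the log lines are constructed, and `example.php` and the parameter name are placeholders, not the theme's actual endpoint.

```python
import re
from urllib.parse import unquote

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
PARAM_HINTS = ("include", "require", "file")  # terms from the SIEM query above

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(log_line):
    """URL mentions dwell, query has an inclusion-style term, query has '..'."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    raw_target = match.group(1)
    _, _, raw_query = raw_target.partition("?")
    url = decode_fully(raw_target).lower()
    query = decode_fully(raw_query).lower()
    return ("dwell" in url
            and any(hint in query for hint in PARAM_HINTS)
            and ".." in query)

def scan(lines):
    """Return the log lines that satisfy all three conditions."""
    return [line for line in lines if is_suspicious(line)]

# Constructed sample lines (documentation IP range, placeholder endpoint).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2025:13:55:36 +0000] "GET /wp-content/themes/dwell/example.php?file=../../wp-config.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2025:13:55:40 +0000] "GET /wp-content/themes/dwell/example.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2025:13:55:44 +0000] "GET /wp-content/themes/dwell/example.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2025:14:01:02 +0000] "GET /wp-content/themes/dwell/style.css?ver=1.7.1 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Oct/2025:14:01:09 +0000] "GET /index.php?file=report.pdf HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A plain wildcard match on `..` in the raw query would catch only the first of the three flagged lines; the other two appear only after decoding.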