Login Sign Up

CVE-2025-58943

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Agricola theme from version 1.1.0 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.

💻 Affected Systems

Products:
  • Agricola WordPress Theme
Versions: n/a through <= 1.1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Agricola theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

Agricola by Axiomthemes

View all CVEs affecting Agricola →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through arbitrary code execution leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials, user data) and limited code execution within web server context.

🟢

If Mitigated

Limited impact with proper file permissions and web server hardening, potentially only file disclosure without code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Public exploit details available on security databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: >1.1.0

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/agricola/vulnerability/wordpress-agricola-theme-1-1-0-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check if Agricola theme update is available. 4. Update to latest version. 5. If no update available, replace with alternative theme.

🔧 Temporary Workarounds

Disable Agricola Theme

all

Temporarily disable the vulnerable theme until patched

wp theme deactivate agricola

Restrict PHP Include Paths

linux

Configure PHP to restrict include paths to safe directories

php_admin_value open_basedir "/var/www/html:/tmp"

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block file inclusion patterns
  • Restrict file permissions and implement strict access controls on sensitive files

🔍 How to Verify

Check if Vulnerable:

Check WordPress theme version in wp-content/themes/agricola/style.css or via WordPress admin panel

Check Version:

grep 'Version' wp-content/themes/agricola/style.css | head -1

Verify Fix Applied:

Verify Agricola theme version is >1.1.0 and test file inclusion attempts return errors instead of file contents

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in PHP error logs
  • HTTP requests with file path parameters like ?file=../../etc/passwd

Network Indicators:

  • HTTP requests containing path traversal sequences (../) in query parameters

SIEM Query:

source="web_server_logs" AND (uri="*..*" OR params="*..*") AND status="200"

📊 Metadata

CVE ID: CVE-2025-58943
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-98
EPSS Score: 0.06% exploit probability (19th percentile)
Published: December 18, 2025
Last Updated: January 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58943, you might also want to check these:

CVE-2025-25174 10.0

This CVE describes a PHP Local File Inclusion vulnerability in the BeeTeam368 Extensions WordPress p...

Same vulnerability type (CWE-98)
CVE-2025-49994 9.8

This vulnerability allows attackers to include local files on the server through improper filename c...

Same vulnerability type (CWE-98)
CVE-2025-50003 9.8

This vulnerability allows attackers to include local PHP files through improper filename control in ...

Same vulnerability type (CWE-98)