CVE-2025-58944 – This vulnerability allows attackers to include ... (How to Fix)

Q: What is the severity of CVE-2025-58944?

CVE-2025-58944 has a CVSS score of 8.2 (HIGH). This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Manufactory theme version 1.4 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Manufactory theme version 1.4 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.

💻 Affected Systems

Products:

WordPress Manufactory Theme

Versions: n/a through <= 1.4

Operating Systems: All operating systems running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Manufactory theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

Manufactory by Axiomthemes

View all CVEs affecting Manufactory →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through arbitrary code execution leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials, user data) and limited code execution within web server context.

🟢

If Mitigated

Limited impact with proper file permissions and web application firewalls blocking malicious requests.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP requests with crafted parameters can trigger the vulnerability. Public exploit details available on security databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: >1.4

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/manufactory/vulnerability/wordpress-manufactory-theme-1-4-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check if Manufactory theme update is available. 4. Update to latest version. 5. If no update available, replace with patched version from official source.

🔧 Temporary Workarounds

Disable or Replace Theme

all

Temporarily disable the Manufactory theme and switch to default WordPress theme

Web Application Firewall Rules

all

Block requests containing local file inclusion patterns in parameters

🧯 If You Can't Patch

Implement strict file permissions (chmod 600 for sensitive files)
Deploy web application firewall with LFI detection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Manufactory theme version <=1.4

Check Version:

Check wp-content/themes/manufactory/style.css for Version: header

Verify Fix Applied:

Confirm theme version is >1.4 or theme has been removed/replaced

📡 Detection & Monitoring

Log Indicators:

HTTP requests with file path traversal patterns in parameters
Multiple failed include attempts in PHP error logs

Network Indicators:

HTTP requests containing ../ patterns, file:// wrappers, or PHP wrapper patterns

SIEM Query:

web.url:*manufactory* AND (web.param:*../* OR web.param:*file:* OR web.param:*php://*)

📊 Metadata

CVE ID: CVE-2025-58944

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE: CWE-98

EPSS Score: 0.06% exploit probability (19th percentile)

Published: December 18, 2025

Last Updated: January 20, 2026

🔗 References

https://patchstack.com/database/Wordpress/Theme/manufactory/vulnerability/wordpress-manufactory-theme-1-4-local-file-inclusion-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58944, you might also want to check these: