CVE-2025-58945

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to include local PHP files through improper filename control in the EcoGrow WordPress theme. Attackers can potentially execute arbitrary code or read sensitive files on the server. All WordPress sites using EcoGrow theme versions up to and including 1.7 are affected.

💻 Affected Systems

Products:
  • axiomthemes EcoGrow WordPress theme
Versions: All versions up to and including 1.7
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with EcoGrow theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete site takeover through remote code execution.

🟠 Likely Case

Sensitive file disclosure (configuration files, database credentials), limited code execution, or website defacement.

🟢 If Mitigated

Attack blocked at the web application firewall level, or fails due to proper file permissions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Public exploit code is available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.7

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/ecogrow/vulnerability/wordpress-ecogrow-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Update the EcoGrow theme to the latest version via the WordPress admin panel.
2. If no update is available, remove the theme completely.
3. Verify that the theme files have been replaced with patched versions.

🔧 Temporary Workarounds

Disable vulnerable theme (platform: all)

Switch to a default WordPress theme to remove the vulnerability immediately:

wp theme activate twentytwentyfour

Web Application Firewall rule (platform: linux)

Block requests containing local file inclusion patterns. ModSecurity rule:

SecRule ARGS "\.\./" "phase:2,deny,status:403,id:1001"

🧯 If You Can't Patch

  • Implement strict file permissions (644 for files, 755 for directories)
  • Deploy web application firewall with LFI detection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for EcoGrow theme version <= 1.7

Check Version:

wp theme list --fields=name,status,version | grep ecogrow

Verify Fix Applied:

Confirm that the theme version is greater than 1.7, or that the theme has been deactivated or removed.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with ../ sequences in parameters
  • PHP include/require errors in web server logs
  • Access to sensitive files like /etc/passwd in logs

Network Indicators:

  • Unusual file paths in URL parameters
  • Requests to theme files with traversal sequences

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR params="*include*" OR params="*require*")
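As an added example (not from the advisory, Patchstack or the theme vendor), the log indicators above can be checked offline with a small Python scanner over web access logs; it URL-decodes request URIs until stable before searching for traversal sequences, so `%2e%2e%2f` and double-encoded variants that a literal `*../*` search misses are still flagged. The sample log lines and the `HYPOTHETICAL.php?file=` endpoint are constructed; the real vulnerable parameter is not named on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); the endpoint
# HYPOTHETICAL.php?file= is a placeholder, not the theme's real vulnerable parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2025:12:00:02 +0000] "GET /wp-content/themes/ecogrow/HYPOTHETICAL.php?file=../../../../etc/passwd HTTP/1.1" 200 1840 "-" "curl/8.0"
203.0.113.12 - - [10/Oct/2025:12:00:03 +0000] "GET /wp-content/themes/ecogrow/HYPOTHETICAL.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.13 - - [10/Oct/2025:12:00:04 +0000] "GET /wp-content/themes/ecogrow/HYPOTHETICAL.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0 "-" "python-requests/2.31"
203.0.113.14 - - [10/Oct/2025:12:00:05 +0000] "GET /?s=hello..world HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Files an LFI probe typically aims at; illustrative list, extend it for your environment.
SENSITIVE_RE = re.compile(r"/etc/passwd|wp-config\.php|/proc/self/|php://", re.IGNORECASE)

def normalize_uri(uri, max_rounds=3):
    """URL-decode until stable (catches double encoding) and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")

def analyze_line(line):
    """Return a finding dict for a suspicious request, or None for benign lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = normalize_uri(m.group("uri"))
    reasons = []
    if "../" in uri:
        reasons.append("traversal")
    if SENSITIVE_RE.search(uri) or "\x00" in uri:
        reasons.append("sensitive-target")
    if not reasons:
        return None
    # Traversal aimed at the theme directory is the strongest signal for this CVE.
    if "/wp-content/themes/ecogrow/" in uri.lower():
        reasons.append("ecogrow-theme-path")
    return {"ip": m.group("ip"), "status": int(m.group("status")),
            "uri": uri, "reasons": reasons}

def scan(log_text):
    """Scan a whole log; flagged requests that returned 2xx deserve the first look."""
    return [hit for hit in map(analyze_line, log_text.splitlines()) if hit]
```

A flagged request with a 403 was stopped by the WAF rule above; a flagged request with a 200 and a non-zero response size means the server actually served something and warrants investigation.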
