CVE-2025-60049
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress Soleil theme users running versions up to and including 1.17, potentially leading to sensitive information disclosure or code execution.
💻 Affected Systems
- WordPress Soleil Theme
📦 What is this software?
Soleil by Axiomthemes
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive file disclosure (including configuration files with credentials), and complete website takeover.
Likely Case
Sensitive information disclosure (database credentials, configuration files), limited file system access, and potential privilege escalation through included PHP files.
If Mitigated
Limited impact with proper file permissions, web server restrictions, and PHP security configurations in place.
🎯 Exploit Status
Exploitation requires knowledge of vulnerable endpoints but is straightforward once identified. Public proof-of-concept exists in vulnerability databases.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.17
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/soleil/vulnerability/wordpress-soleil-theme-1-17-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Update the Soleil theme to the latest version via the WordPress admin panel.
2. If auto-update is unavailable, download the latest version from the official repository.
3. Replace the theme files via FTP/SFTP.
4. Clear the WordPress cache if applicable.
🔧 Temporary Workarounds
Disable vulnerable theme
Temporarily switch to a default WordPress theme to mitigate the vulnerability
wp theme activate twentytwentyfour
Restrict PHP file inclusion
Add PHP configuration (Apache mod_php directives in the virtual host config) to restrict file inclusion paths
# Confine PHP file access to the web root and /tmp
php_admin_value open_basedir "/var/www/html:/tmp"
# Boolean ini settings are set with php_admin_flag, not php_admin_value
php_admin_flag allow_url_include Off
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns
- Restrict file system permissions for web server user to read-only access for necessary directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Soleil theme version. If version is 1.17 or lower, system is vulnerable.
Check Version:
wp theme list --fields=name,status,version | grep soleil
Verify Fix Applied:
Verify theme version is greater than 1.17 in WordPress admin panel. Test vulnerable endpoints with safe payloads to confirm patching.
📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in access logs (e.g., ../../../etc/passwd)
- Multiple 404 errors followed by successful requests to unusual file paths
- PHP error logs showing include/require warnings with unexpected paths
Network Indicators:
- HTTP requests with file path traversal patterns in parameters
- Requests to theme-specific endpoints with file inclusion parameters
SIEM Query:
source="web_access_logs" AND (uri="*../*" OR uri="*/etc/*" OR uri="*/proc/*") AND status=200
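A log scanner that applies the indicators above, as an added example (not part of the advisory): it parses combined-format access log lines, percent-decodes the URI so encoded traversal (`%2e%2e%2f`) is caught where the SIEM wildcard above would miss it, and separates successful (200) hits from blocked ones. The log lines and the `template`/`tpl` parameter names are constructed, not Soleil endpoints.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Apache/Nginx "combined" log format: client, ident, user, [time], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Patterns from the "Log Indicators" list: traversal sequences, /etc and /proc reads
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/|/proc/)", re.IGNORECASE)


def normalize(uri: str) -> str:
    """Percent-decode repeatedly so single- and double-encoded traversal is caught."""
    prev = None
    for _ in range(3):
        if uri == prev:
            break
        prev, uri = uri, unquote(uri)
    return uri


def is_lfi_indicator(line: str) -> Optional[dict]:
    """Return the parsed fields when the line matches an LFI indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = normalize(m.group("uri"))
    if not TRAVERSAL_RE.search(uri):
        return None
    return {"ip": m.group("ip"), "uri": uri, "status": int(m.group("status"))}


def scan(lines):
    """Split matching lines into (status 200 hits, non-200 hits), like the SIEM query."""
    hits = [h for h in (is_lfi_indicator(ln) for ln in lines) if h]
    return [h for h in hits if h["status"] == 200], [h for h in hits if h["status"] != 200]


SAMPLE_LOG = [  # constructed sample lines; parameter names are placeholders
    '203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /index.php?template=../../../etc/passwd HTTP/1.1" 200 1839',
    '203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /?tpl=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.1" 200 220',
    '198.51.100.9 - - [10/Oct/2025:12:00:03 +0000] "GET /index.php?template=../../wp-config.php HTTP/1.1" 404 153',
    '192.0.2.7 - - [10/Oct/2025:12:00:04 +0000] "GET /about/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    successful, blocked = scan(SAMPLE_LOG)
    for hit in successful:
        print("successful LFI-pattern request:", hit)
    print(f"{len(blocked)} blocked attempt(s)")
```

Successful hits deserve triage first (the included path may have been served); a burst of blocked hits from one client is the "multiple 404s" indicator from the list above.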