CVE-2025-60054
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the OnLeash theme from AncoraThemes. Attackers can potentially read sensitive files or execute arbitrary code.
💻 Affected Systems
- AncoraThemes OnLeash WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, and website defacement.
Likely Case
Sensitive file disclosure (configuration files, database credentials) and limited code execution.
If Mitigated
File read attempts blocked, no code execution possible.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.5.2
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/onleash/vulnerability/wordpress-onleash-theme-1-5-2-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Update OnLeash theme to latest version via WordPress admin panel. 2. Verify theme version is >1.5.2. 3. Clear any caching plugins.
🔧 Temporary Workarounds
Disable vulnerable theme
allSwitch to default WordPress theme until patch is applied
Restrict PHP file inclusion
linuxConfigure PHP to disable allow_url_include and restrict open_basedir
php.ini: allow_url_include = Off
php.ini: open_basedir = /var/www/html
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block LFI patterns
- Restrict file system access permissions for web server user
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for OnLeash theme version ≤1.5.2Check Version:
wp theme list --field=name,version --path=/var/www/htmlVerify Fix Applied:
Confirm theme version >1.5.2 and test LFI payloads return errors📡 Detection & Monitoring
Log Indicators:
- HTTP requests with ../ patterns in parameters
- PHP include/require errors with unusual file paths
Network Indicators:
- HTTP requests containing file inclusion patterns (../../etc/passwd)
SIEM Query:
web.url:*../* AND (web.method:GET OR web.method:POST)