CVE-2025-60055
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress Fabrica theme users running versions up to and including 1.8.1, potentially leading to sensitive file disclosure or code execution.
💻 Affected Systems
- WordPress Fabrica Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive configuration file disclosure (like wp-config.php), and complete site takeover.
Likely Case
Sensitive file disclosure including database credentials, configuration files, and user data, potentially leading to database access and privilege escalation.
If Mitigated
Limited impact with proper file permissions, web server restrictions, and security plugins blocking malicious requests.
🎯 Exploit Status
Exploitation requires knowledge of vulnerable endpoints but is straightforward once identified. Public exploit details available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.8.1
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/fabrica/vulnerability/wordpress-fabrica-theme-1-8-1-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check for Fabrica theme updates. 4. Update to latest version. 5. If no update available, replace with patched version from official source.
🔧 Temporary Workarounds
Disable vulnerable theme
allTemporarily switch to default WordPress theme to remove attack surface
wp theme activate twentytwentyfour
Web application firewall rules
linuxBlock requests containing path traversal patterns in URL parameters
# Example .htaccess rule for Apache:
RewriteCond %{QUERY_STRING} (\.\./|\.\.\\)
RewriteRule ^.*$ - [F,L]
🧯 If You Can't Patch
- Implement strict input validation on all user-controlled parameters used in include/require statements
- Apply principle of least privilege to web server file permissions and disable unnecessary PHP functions
🔍 How to Verify
Check if Vulnerable:
Check WordPress theme version via admin panel or inspect theme files for version number in style.cssCheck Version:
wp theme list --field=name,status,version | grep fabricaVerify Fix Applied:
Verify theme version is greater than 1.8.1 and test vulnerable endpoints with controlled payloads📡 Detection & Monitoring
Log Indicators:
- HTTP requests with path traversal sequences (../, ..\) in query parameters
- Multiple 404 errors followed by successful file access to sensitive paths
- Unusual file access patterns from single IP addresses
Network Indicators:
- HTTP requests containing include/require parameter manipulation
- Traffic spikes to theme-specific endpoints with suspicious parameters
SIEM Query:
source="web_logs" AND (uri="*fabrica*" AND (query="*../*" OR query="*..\\*"))