CVE-2025-60064

8.1 HIGH

📋 TL;DR

This vulnerability allows attackers to include and execute arbitrary local files on the server via PHP's include/require statements in the Renewal WordPress theme. It affects all WordPress sites using the Renewal theme version 1.2.2 or earlier, potentially leading to information disclosure or remote code execution.

💻 Affected Systems

Products:
  • Renewal WordPress theme
Versions: all releases up to and including 1.2.2
Operating Systems: Any OS running PHP and WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Renewal theme to be installed and active on a WordPress site; vulnerability is in the theme's PHP code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise via remote code execution, allowing data theft, malware deployment, or site defacement.

🟠 Likely Case: Local file inclusion leading to sensitive file disclosure (e.g., configuration files) or limited code execution depending on server settings.

🟢 If Mitigated: Minimal impact if file inclusion is restricted by server hardening (e.g., open_basedir) or the vulnerability is patched.

🌐 Internet-Facing: HIGH, as WordPress themes are typically exposed to the internet, making them accessible to remote attackers.
🏢 Internal Only: MEDIUM, as internal users could exploit it for privilege escalation or lateral movement within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via crafted HTTP requests; public proof-of-concept details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.2.2 (check vendor for exact version)

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/renewal/vulnerability/wordpress-renewal-theme-1-2-2-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for updates to the Renewal theme.
4. If an update is available, apply it immediately.
5. If no update is available, remove the theme and replace it with a secure alternative.

🔧 Temporary Workarounds

Disable or Remove Theme (all platforms)

Temporarily switch away from the Renewal theme and delete it to prevent exploitation until a patch is applied. WP-CLI has no "theme deactivate" subcommand: a theme is deactivated by activating a different one, and "wp theme delete" refuses to remove the currently active theme, so activate a replacement first (substitute the slug of another installed theme):

wp theme activate <other-installed-theme-slug>
wp theme delete renewal

Restrict PHP File Inclusion (linux)

Configure PHP so that include/require can only read files below the web root by setting open_basedir (add the session save path, e.g. /tmp, if PHP needs it). Note that include and require are language constructs, not functions, so disable_functions cannot turn them off; instead keep allow_url_include off so the same flaw cannot be extended to remote file inclusion.

In php.ini: open_basedir = /var/www/html
In php.ini: allow_url_include = Off

🧯 If You Can't Patch

  • Apply strict web application firewall (WAF) rules to block requests with suspicious file paths or parameters.
  • Monitor server logs for unusual file access patterns and restrict theme directory permissions to read-only for non-admin users.

🔍 How to Verify

Check if Vulnerable:

Check the theme version in WordPress admin under Appearance > Themes; if Renewal is installed and version is 1.2.2 or earlier, it is vulnerable.

Check Version:

wp theme list --name=renewal --field=version

Verify Fix Applied:

After updating, confirm the theme version is above 1.2.2 in the same location and test with a harmless local file inclusion attempt to ensure it fails.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to theme files with parameters like 'file=' or 'include=' pointing to local paths
  • Errors in PHP logs related to failed file inclusions or permission denials

Network Indicators:

  • HTTP traffic with crafted parameters targeting theme PHP files, often with paths like '../../etc/passwd'

SIEM Query (field names are illustrative; map them to your log schema):

source="web_server_logs" AND (uri="*renewal*" AND (param="*file=*" OR param="*include=*")) AND status=200
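The log indicators above as a runnable check, added here as an example that is not part of the advisory: it parses constructed combined-format access-log lines (sample data, not real traffic), keeps only requests under the Renewal theme directory, and flags file= or include= values that escape the theme path (traversal, absolute path, null byte, stream wrapper), including double-encoded variants.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-content/themes/renewal/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2025:12:00:02 +0000] "GET /wp-content/themes/renewal/page.php?file=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2025:12:00:03 +0000] "GET /wp-content/themes/renewal/page.php?include=%2Fetc%2Fpasswd HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.2 - - [10/Oct/2025:12:00:04 +0000] "GET /wp-content/themes/renewal/page.php?file=sidebar HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Oct/2025:12:00:05 +0000] "GET /wp-content/themes/other/page.php?file=../../etc/passwd HTTP/1.1" 404 300 "-" "curl/8.0"
"""

# Fields we need from each line: client IP, request target, response status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)
THEME_PATH = "/wp-content/themes/renewal/"   # default directory of the Renewal theme
SUSPECT_PARAMS = {"file", "include"}         # parameter names named in the advisory


def is_path_escape(value: str) -> bool:
    """True if a decoded parameter value looks like it leaves the theme directory."""
    v = unquote(unquote(value)).replace("\\", "/")  # parse_qs decoded once; undo double encoding
    return "../" in v or v.startswith("/") or "\x00" in v or "://" in v


def find_lfi_attempts(log_text: str) -> list:
    """Return one dict per request to the Renewal theme carrying a suspicious file/include value."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                               # not a combined-format line; skip
        parts = urlsplit(m["target"])
        if THEME_PATH not in parts.path:
            continue                               # request is not for the Renewal theme
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in SUSPECT_PARAMS.intersection(params):
            for value in params[name]:
                if is_path_escape(value):
                    hits.append({"ip": m["ip"], "param": name,
                                 "value": unquote(value), "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['param']}={hit['value']} status={hit['status']}")
```

A status of 200 on a flagged request means the server answered rather than rejected it, which is the case worth escalating.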
