CVE-2025-64193
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the XStore theme, potentially leading to sensitive information disclosure or code execution. All XStore theme installations before version 9.6.1 are vulnerable.
💻 Affected Systems
- 8theme XStore WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive data exposure, and complete site takeover.
Likely Case
Information disclosure of sensitive files like configuration files, password files, or source code, potentially leading to further attacks.
If Mitigated
Limited impact with proper file permissions and security controls, possibly only revealing non-sensitive files.
🎯 Exploit Status
Local file inclusion vulnerabilities are commonly exploited and weaponized quickly. Public exploit details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.6.1
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/xstore/vulnerability/wordpress-xstore-theme-9-6-1-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Update XStore theme to version 9.6.1 or later. 4. Clear any caching plugins or server cache.
🔧 Temporary Workarounds
Disable vulnerable theme
allTemporarily switch to a different WordPress theme until patching is possible
wp theme activate twentytwentyfour
Restrict file access
linuxImplement strict file permissions and disable PHP execution in upload directories
chmod 644 wp-config.php
find /path/to/wordpress -type f -name '*.php' -exec chmod 644 {} \;
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns
- Restrict server file permissions and implement strict access controls
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel under Appearance > Themes for XStore theme version. If version is below 9.6.1, system is vulnerable.Check Version:
wp theme list --field=name,status,version | grep xstoreVerify Fix Applied:
Confirm XStore theme version is 9.6.1 or higher in WordPress admin panel. Test with known safe LFI payloads if possible.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in PHP error logs
- Requests containing '../' or file inclusion patterns in access logs
- Multiple failed attempts to access sensitive files
Network Indicators:
- HTTP requests with file inclusion parameters like ?file=../../etc/passwd
- Unusual traffic to theme-specific PHP files
SIEM Query:
source="web_access_logs" AND (uri="*../*" OR uri="*file=*" OR uri="*include=*") AND user_agent NOT IN ("normal_bots")