CVE-2025-6746
📋 TL;DR
The WoodMart WordPress theme plugin contains a Local File Inclusion vulnerability in the 'layout' attribute that allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files. This can lead to remote code execution, data theft, and access control bypass. All WordPress sites using WoodMart theme versions up to 8.2.3 are affected.
💻 Affected Systems
- WoodMart WordPress Theme
📦 What is this software?
Woodmart by Xtemos
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through remote code execution, data exfiltration, backdoor installation, and complete site takeover.
Likely Case
Unauthorized file access, privilege escalation, data leakage, and limited code execution within web server context.
If Mitigated
Limited impact if proper file upload restrictions and server hardening are in place, but still significant risk.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. Public exploit details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.2.4 or later
Vendor Advisory: https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check for WoodMart theme updates. 4. Update to version 8.2.4 or later. 5. Clear any caching plugins.
🔧 Temporary Workarounds
Remove Contributor Role Access
allTemporarily restrict or remove Contributor-level access until patching is complete
Web Application Firewall Rule
allAdd WAF rule to block requests containing suspicious 'layout' parameter patterns
🧯 If You Can't Patch
- Implement strict file upload restrictions and disable PHP execution in upload directories
- Apply principle of least privilege: restrict user roles and capabilities to minimum necessary
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for WoodMart version. If version is 8.2.3 or lower, system is vulnerable.Check Version:
wp theme list --field=name,version --format=csv | grep -i woodmartVerify Fix Applied:
Confirm WoodMart theme version is 8.2.4 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file inclusion attempts in web server logs
- Requests with 'layout' parameter containing path traversal patterns
- PHP file execution from unexpected locations
Network Indicators:
- HTTP requests with suspicious 'layout' parameter values
- POST/GET requests attempting file inclusion
SIEM Query:
web_access_logs | where url contains 'layout' and (url contains '../' or url contains '.php')