CVE-2025-49361

WordPress Mamita theme <= 1.0.9 - Local File Inclusion vulnerability

CVSS 8.1 HIGH · EPSS 0.5% · CWE-98
In short

The WordPress Mamita theme, up to and including version 1.0.9, has a flaw that lets attackers make the server include and execute local files through a PHP include statement. This can expose sensitive information or allow unauthorized actions on the website.

Technical detail

A PHP Local File Inclusion (LFI) vulnerability exists in the Mamita theme's file inclusion mechanism due to improper input validation. An attacker can manipulate file path parameters to include arbitrary local files, potentially leading to information disclosure, code execution, or privilege escalation depending on accessible files and server configuration.

Summary generated and translated by AI from the official description.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion. This issue affects Mamita: from n/a through <= 1.0.9.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
AncoraThemes · Mamita
