CVE-2025-69074

WordPress Pearson Specter theme <= 1.11.3 - Local File Inclusion vulnerability

CVSS 8.1 HIGHEPSS 0.5%CWE-98

In short

The WordPress Pearson Specter theme has a flaw that lets attackers include and execute arbitrary local files on the server. This can expose sensitive information or allow code execution depending on what files are accessible.

Technical detail

A PHP Local File Inclusion vulnerability exists in the Pearson Specter theme (versions <= 1.11.3) due to improper validation of filename parameters in include/require statements. An attacker can manipulate file inclusion mechanisms to access sensitive server files, potentially leading to information disclosure or remote code execution if combined with log poisoning or other techniques.

Summary generated and translated by AI from the official description.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through <= 1.11.3.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

AncoraThemes · Pearson Specter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/Wordpress/Theme/pearsonspecter/vulnerability/wordpress-pearson-specter-theme-1-11-3-local-file-inclusion-vulnerability?_s_id=cve