{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67946", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:06.384Z", "datePublished": "2026-01-22T16:51:54.507Z", "dateUpdated": "2026-04-28T19:27:42.343Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "adforest", "product": "AdForest", "vendor": "scriptsbundle", "versions": [{"changes": [{"at": "6.0.12", "status": "unaffected"}], "lessThanOrEqual": "6.0.11", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:02:20.143Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.<p>This issue affects AdForest: from n/a through <= 6.0.11.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:24.503Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/adforest/vulnerability/wordpress-adforest-theme-6-0-11-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T16:12:19.608379Z", "id": "CVE-2025-67946", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T19:27:42.343Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T16:12:19.608379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T16:11:50.347Z"}}], "cna": {"title": "WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "affected": [{"vendor": "scriptsbundle", "product": "AdForest", "versions": [{"status": "affected", "changes": [{"at": "6.0.12", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "6.0.11"}], "packageName": "adforest", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:02:20.143Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/adforest/vulnerability/wordpress-adforest-theme-6-0-11-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.<p>This issue affects AdForest: from n/a through <= 6.0.11.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:11:32.900Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67946", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:11:32.900Z", "dateReserved": "2025-12-15T10:00:06.384Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:51:54.507Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11."}, {"lang": "es", "value": "Control inadecuado del nombre de fichero para la declaraci\u00f3n include/require en un programa PHP (vulnerabilidad de 'Inclusi\u00f3n Remota de Ficheros PHP') en scriptsbundle AdForest adforest permite la Inclusi\u00f3n Local de Ficheros PHP. Este problema afecta a AdForest: desde n/a hasta &lt;= 6.0.11."}], "id": "CVE-2025-67946", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-22T17:16:04.290", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/adforest/vulnerability/wordpress-adforest-theme-6-0-11-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:11:15.723102+00:00", "value": {"mitigation_remediation": ["Update the AdForest WordPress theme to version 6.0.12 or newer.", "Disable remote file inclusion by setting \"allow_url_include = Off\" in php.ini and ensuring that include_path is not dynamically modified.", "Restrict file system permissions so that non-privileged users cannot read or write sensitive files within the theme directory, and remove any PHP files that should not be directly accessible.", "Deploy web application firewall rules that block requests containing directory traversal patterns in include parameters."], "summary": {"action": "Immediate Patch", "impact": "Local File Inclusion"}, "threat_synthesis": {"affected_systems": "The issue affects the AdForest theme developed by scriptsbundle. All released versions from the first build up to and including 6.0.11 are impacted. Site owners running these versions on a WordPress installation should verify whether they are using an affected theme.", "description_and_impact": "Based on the description, this vulnerability in the AdForest WordPress theme arises from inadequate validation of the filename supplied to PHP\u2019s include/require statements. An attacker can supply a crafted value that forces the theme to include any local file on the server, allowing the attacker to read sensitive configuration files or, if the included file contains PHP code, potentially execute arbitrary code on the server. The weakness is categorized as CWE\u201198 and could lead to confidentiality and integrity compromises. The potential for remote code execution is inferred if the attacker supplies a PHP file containing malicious code.", "risk_and_exploitability": "The CVSS score of 8.1 classifies this flaw as high severity. The EPSS score is reported as less than 1%, indicating a very low current exploitation probability. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers would need to influence the include path, most likely through a crafted request to a publicly accessible page served by the theme, and the flaw does not require login or elevated privileges. The possibility of remote code execution is inferred from the vulnerability description, making the threat noteworthy despite the low exploitation probability."}}}}, "created": "2026-01-23T16:30:48.890441+00:00", "updated": "2026-04-28T18:15:37.368755+00:00", "vendors": ["scriptsbundle", "scriptsbundle$PRODUCT$adforest", "wordpress", "wordpress$PRODUCT$wordpress"]}