{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67992", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:44.500Z", "datePublished": "2026-02-20T15:46:32.513Z", "dateUpdated": "2026-04-28T19:32:37.512Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "patiotime", "product": "PatioTime", "vendor": "LoftOcean", "versions": [{"changes": [{"at": "2.1", "status": "unaffected"}], "lessThanOrEqual": "2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:02:17.123Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.<p>This issue affects PatioTime: from n/a through < 2.1.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.273Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/patiotime/vulnerability/wordpress-patiotime-theme-2-1-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T20:37:19.098827Z", "id": "CVE-2025-67992", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T19:32:37.512Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67992", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T20:37:19.098827Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T20:37:20.856Z"}}], "cna": {"title": "WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LoftOcean", "product": "PatioTime", "versions": [{"status": "affected", "changes": [{"at": "2.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1"}], "packageName": "patiotime", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:02:17.123Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/patiotime/vulnerability/wordpress-patiotime-theme-2-1-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.<p>This issue affects PatioTime: from n/a through < 2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.273Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67992", "state": "PUBLISHED", "dateUpdated": "2026-04-28T19:32:37.512Z", "dateReserved": "2025-12-15T10:00:44.500Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:32.513Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1."}, {"lang": "es", "value": "La vulnerabilidad de control inadecuado del nombre de fichero para la declaraci\u00f3n Include/Require en un programa PHP ('inclusi\u00f3n remota de ficheros PHP') en LoftOcean PatioTime patiotime permite la inclusi\u00f3n local de ficheros PHP. Este problema afecta a PatioTime: desde n/a hasta &lt; 2.1."}], "id": "CVE-2025-67992", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:05.360", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/patiotime/vulnerability/wordpress-patiotime-theme-2-1-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PatioTime", "source": "cna", "vendor": "LoftOcean"}, "product": "patiotime", "vendor": "loftocean"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T17:41:12.688590+00:00", "value": {"mitigation_remediation": ["Upgrade the LoftOcean PatioTime WordPress theme to version 2.1 or later, which removes the vulnerable include/require logic.", "Disallow allowing untrusted user input to determine the filename passed to include or require within the theme code.", "Configure the web server to prevent execution of PHP files within the theme\u2019s directory and any upload directories, ensuring only intended scripts are executable."], "summary": {"action": "Immediate Patch", "impact": "Local File Inclusion (potential RCE)"}, "threat_synthesis": {"affected_systems": "All installations of the LoftOcean PatioTime theme that are running a version older than 2.1 are impacted. This includes every release from the theme\u2019s earliest version up through 2.0.x. WordPress sites that have not upgraded the theme beyond 2.1 are therefore vulnerable.", "description_and_impact": "The flaw is an improper control of the filename used in a PHP include/require statement within the LoftOcean PatioTime theme for WordPress. This weakness, identified as CWE\u201198, permits an attacker to define an arbitrary file path, causing the PHP engine to load a local file. If the attacker can supply a writable file containing PHP code, the resulting file inclusion can be leveraged to execute arbitrary code on the server. The vulnerability also enables disclosure of local files, exposing sensitive data such as credentials or private keys.", "risk_and_exploitability": "The CVSS score of 8.1 reflects a high severity for this local file inclusion, as it can be triggered without user interaction and may lead to code execution. The EPSS score of \"< 1%\" shows that current exploitation activity is low, but the pathway remains open. The flaw is not listed in the CISA KEV catalog. The attack vector is inferred to be through a crafted web request that manipulates the filename supplied to the include/require call, likely via a query parameter or a custom URL path processed by the theme. An unauthenticated attacker with access to such a parameter can read or read/write files on the server, and if a writable file can be placed in the affected directory, can execute PHP code for remote code execution."}}}}, "created": "2026-02-23T14:46:06.039503+00:00", "updated": "2026-04-28T17:45:16.140579+00:00", "vendors": ["loftocean", "loftocean$PRODUCT$patiotime", "wordpress", "wordpress$PRODUCT$wordpress"]}