CVE-2025-2558HIGH 8.6EPSS p79.6%

CVE-2025-2558CVE-2025-2558

Description

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

Scoring

CVSS 3.18.6 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS2.13% probability of exploitation · percentile 79.6% · 2026-06-19T12:03:05Z
Published2025-04-24
Last modified2025-06-23

References

  1. https://wpscan.com/vulnerability/6a8e1c89-a01d-4347-91fc-ba454784b153/
  2. https://wpscan.com/vulnerability/6a8e1c89-a01d-4347-91fc-ba454784b153/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-4578
CVE
CVE-2025-49275
CVE
CVE-2025-60052
CVE
CVE-2025-14502
CVE
CVE-2025-62868
CVE
CVE-2025-4954
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.