PT-2025-17690 · WordPress · The-Wound

Aly Khaled · Published 2025-04-24 · Updated 2026-04-09 · CVE-2025-2558

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The-wound WordPress theme version 0.0.1

Description

The theme does not validate certain parameters before using them to generate paths passed to include functions, allowing unauthenticated users to perform Local File Inclusion (LFI) attacks and download arbitrary files from the server. This enables attackers to access sensitive information on the server.

Recommendations

For The-wound WordPress theme version 0.0.1, consider updating to a newer version that addresses this issue, as the current version does not validate parameters properly, leading to LFI vulnerabilities. If an update is not available, as a temporary workaround, consider restricting access to include functions or validating parameters manually to prevent LFI attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
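
One way to do the manual parameter validation mentioned in the recommendations, as an added example that is not code from the The-wound theme or from this advisory. The function name, the allowlist entries and the temporary directory are hypothetical; in a theme the base directory would be a folder of partials under the theme root.

```php
<?php
// Added example: hypothetical helper, not code from the The-wound theme.
// Resolves a request-supplied name to a file that is safe to include(),
// or returns null when the name must be refused.
function resolve_theme_partial(string $baseDir, array $allowed, $requested): ?string
{
    // Refuse arrays (?name[]=x) and anything that is not a plain slug:
    // no dots, slashes, NUL bytes or stream wrappers can pass this pattern.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    // Only names listed by the theme author may be loaded.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // Containment check after symlinks are resolved: the file must sit under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the theme's partials folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'partials_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'header.php', "<?php // constructed partial\n");
$allowed = ['header', 'footer']; // hypothetical allowlist

// Constructed inputs: one valid name, one allowed name with no file behind it,
// a relative path, a name carrying an extension, and an array value.
$samples = ['header', 'footer', '../outside', 'header.php', ['header']];
foreach ($samples as $input) {
    $resolved = resolve_theme_partial($dir, $allowed, $input);
    printf(
        "%-14s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'include ' . basename($resolved)
    );
}

unlink($dir . DIRECTORY_SEPARATOR . 'header.php');
rmdir($dir);
```

The caller should include only a non-null return value and respond with a generic error otherwise, so that the response does not reveal which check failed.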

Exploit

Related Identifiers

CVE-2025-2558

Affected Products

The-Wound