CVE-2025-2101

Name of the Vulnerable Software and Affected Versions Edumall theme for WordPress versions up to, and including, 4.2.4

Description The issue allows unauthenticated attackers to include and execute arbitrary PHP files on the server via the template parameter of the 'edumall lazy load template' AJAX action. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Recommendations For Edumall theme for WordPress versions up to, and including, 4.2.4, consider disabling the 'edumall lazy load template' AJAX action until a patch is available. Restrict access to the template parameter to minimize the risk of exploitation. Avoid using the template parameter in the affected AJAX action until the issue is resolved.