CVE-2025-67940

Name of the Vulnerable Software and Affected Versions Mikado-Themes Powerlift versions prior to 3.2.1

Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. The estimated number of potentially affected devices worldwide is not specified. Real-world incidents where this issue was exploited are not mentioned. The vulnerability involves the inclusion of files, potentially through a path manipulation technique. No specific API endpoints or vulnerable parameters are mentioned.

Recommendations Update to Powerlift version 3.2.1 or later.