[Security Vulnerability Alert] Ten high-risk security vulnerabilities exist in WordPress extensions and website themes. Please identify and patch them as soon as possible.

 
2025/12/23 ~ 2026/6/23

Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202512-00000155

[Content Description]
Researchers have discovered PHP Local File Inclusion vulnerabilities (CVE-2025-67522, CVE-2025-67523, CVE-2025-67524, CVE-2025-67525, CVE-2025-67526, CVE-2025-67527, CVE-2025-67529, CVE-2025-67530, CVE-2025-67531, and CVE-2025-67532) in WordPress extensions and website themes. An unauthenticated remote attacker could exploit these vulnerabilities to trick a server-side PHP program into loading an unexpected file from the local machine and execute arbitrary code on the server. Please verify and patch these vulnerabilities as soon as possible.

[Affected Platforms]
[Extensions] Jobmonster Elementor Addon versions 1.1.4 and earlier
[Website Themes] Jobmonster versions earlier than 4.8.3
[Website Themes] Exhibz versions earlier than 3.0.10
[Website Themes] ekommart versions earlier than 4.3.1
[Website Themes] Digiqole versions earlier than 2.2.7
[Website Themes] Sailing versions earlier than 4.4.6
[Website Themes] Fashion versions earlier than 5.3.0
[Website Themes] Besa versions earlier than 2.3.16
[Website Themes] Turitor versions earlier than 1.5.3
[Website Themes] Hara versions earlier than 1.2.18

[Recommended Measures]
[Extensions] Update to Jobmonster Elementor Addon version 1.1.5 and later
[Website Themes] Update to Jobmonster version 4.8.3 and later
[Website Themes] Update to Exhibz version 3.0.10 and later
[Website Themes] Update to ekommart version 4.3.1 and later
[Website Themes] Update to Sailing version 4.4.6 and later
[Website Themes] Update to Digiqole version 2.2.7 and later
[Website Themes] Update to Fashion version 5.3.0 and later
[Website Themes] Update to Besa version 2.3.16 and later
[Website Themes] Update to Turitor version 1.5.3 and later
[Website Themes] Update to Hara version 1.2.18 and later
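
To check a site against the fixed versions listed above, the following added example (not part of the original alert) reads the standard WordPress file headers under a `wp-content` directory and reports anything below the fixed version. It assumes each product's `Theme Name` or `Plugin Name` header matches the name used in this alert; adjust the table keys if a product's header differs.

```python
import re
import sys
from pathlib import Path

# Fixed versions from the alert's Recommended Measures. Keys are assumed to
# equal the lower-cased "Theme Name"/"Plugin Name" header of each product.
FIXED = {
    "jobmonster elementor addon": "1.1.5", "jobmonster": "4.8.3",
    "exhibz": "3.0.10", "ekommart": "4.3.1", "digiqole": "2.2.7",
    "sailing": "4.4.6", "fashion": "5.3.0", "besa": "2.3.16",
    "turitor": "1.5.3", "hara": "1.2.18",
}

# WordPress file headers: "Theme Name:", "Plugin Name:" and "Version:" lines
# inside the leading comment of style.css or a plugin's PHP file.
HEADER = re.compile(
    r"^[ \t/*#@]*(Theme Name|Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def version_key(version):
    """Numeric tuple so that 3.0.9 sorts below 3.0.10; suffixes are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def read_header(path):
    """Return (name, version) from the first 8 KiB of a file, or None values."""
    text = path.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value)
    name = fields.get("theme name") or fields.get("plugin name")
    return name, fields.get("version")

def audit(wp_content):
    """List (name, installed, fixed, path) for products below the fixed version."""
    root = Path(wp_content)
    files = list(root.glob("themes/*/style.css")) + list(root.glob("plugins/*/*.php"))
    findings = []
    for path in sorted(files):
        name, version = read_header(path)
        if not name or not version:
            continue
        fixed = FIXED.get(name.lower())
        if fixed and version_key(version) < version_key(fixed):
            findings.append((name, version, fixed, str(path)))
    return findings

if __name__ == "__main__":
    # Pass the site's wp-content directory; defaults to the current directory.
    for name, installed, fixed, path in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name} {installed} < {fixed}: {path}")
```

Child themes carry their own name in `style.css` and are not matched; the parent theme directory is what gets checked.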

[References]
1. https://www.cve.org/CVERecord?id=CVE-2025-67522
2. https://www.cve.org/CVERecord?id=CVE-2025-67523
3. https://www.cve.org/CVERecord?id=CVE-2025-67524
4. https://www.cve.org/CVERecord?id=CVE-2025-67525
5. https://www.cve.org/CVERecord?id=CVE-2025-67526
6. https://www.cve.org/CVERecord?id=CVE-2025-67527
7. https://www.cve.org/CVERecord?id=CVE-2025-67529
8. https://www.cve.org/CVERecord?id=CVE-2025-67530
9. https://www.cve.org/CVERecord?id=CVE-2025-67531
10. https://www.cve.org/CVERecord?id=CVE-2025-67532
