High severity8.6NVD Advisory· Published Apr 24, 2025· Updated Jun 17, 2026
CVE-2025-2558
CVE-2025-2558
Description
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/6a8e1c89-a01d-4347-91fc-ba454784b153/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.