CVE-2025-52723
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Networker WordPress theme <=1.2.0 contains a PHP local file inclusion vulnerability allowing attackers to read arbitrary files on the server.
CVE-2025-52723 is a PHP Local File Inclusion (LFI) vulnerability in the Networker WordPress theme, affecting all versions up to and including 1.2.0. The issue stems from improper control of filenames in include/require statements, enabling an attacker to manipulate input to include arbitrary local files [1].
Exploitation requires no authentication and can be performed remotely. An attacker can send crafted requests to the vulnerable endpoint, specifying a file path to include. This allows the inclusion of sensitive files such as wp-config.php, which contains database credentials [1].
The impact is severe: an attacker can read any readable file on the server, potentially exposing database credentials, secret keys, or other configuration details. This could lead to full site compromise, including database takeover [1].
The vulnerability has been patched in version 1.2.2. Users are advised to update immediately. If immediate update is not possible, a mitigation rule is available from Patchstack to block attacks until the update is applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.2.0+ 1 more
- (no CPE)range: <=1.2.0
- (no CPE)range: <=1.2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.