Unrated severityNVD Advisory· Published Dec 18, 2025· Updated Apr 28, 2026No known patch
WordPress Critique theme <= 1.17 - Local File Inclusion vulnerability
No known patch is available for this vulnerability.
The affected plugin has not been updated on WordPress.org since before this CVE was disclosed; the latest installable version is still vulnerable. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
CVE-2025-58923
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<= 1.17+ 1 more
- (no CPE)range: <= 1.17
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.