[VULNERABILITY ALERT] 10 High-Risk Security Vulnerabilities in WordPress Extensions and Themes, Please Verify and Patch Immediately

• Subject: [VULNERABILITY ALERT] 10 High-Risk Security Vulnerabilities in WordPress Extensions and Themes, Please Verify and Patch Immediately

• Content Description:
  • Forwarded from National Information Security Information Sharing and Analysis Center Security Alert NISAC-200-202512-00000155
  • Researchers have discovered PHP Local File Inclusion (LFI) vulnerabilities (CVE-2025-67522, CVE-2025-67523, CVE-2025-67524, CVE-2025-67525, CVE-2025-67526, CVE-2025-67527, CVE-2025-67529, CVE-2025-67530, CVE-2025-67531, and CVE-2025-67532) in WordPress extensions and themes.
  • A remote unauthenticated attacker could exploit this vulnerability to induce server-side PHP scripts to load unintended local files and execute arbitrary code on the server side. Please verify and patch as soon as possible.
• Affected Platforms:
  • [Extension] Jobmonster Elementor Addon versions 1.1.4 (inclusive) and before
  • [Theme] Update to Jobmonster 4.8.3 (inclusive) or later versions
  • [Theme] Update to Exhibz 3.0.10 (inclusive) or later versions
  • [Theme] Update to ekommart 4.3.1 (inclusive) or later versions
  • [Theme] Update to Digiqole 2.2.7 (inclusive) or later versions
  • [Theme] Update to Sailing 4.4.6 (inclusive) or later versions
  • [Theme] Update to Fashion 5.3.0 (inclusive) or later versions
  • [Theme] Update to Besa 2.3.16 (inclusive) or later versions
  • [Theme] Update to Turitor 1.5.3 (inclusive) or later versions
  • [Theme] Update to Hara 1.2.18 (inclusive) or later versions
• Recommended Actions:
  • [Extension] Update to Jobmonster Elementor Addon version 1.1.5 (inclusive) or later
  • [Theme] Update to Jobmonster 4.8.3 (inclusive) or later
  • [Theme] Update to Exhibz 3.0.10 (inclusive) or later
  • [Theme] Update to ekommart 4.3.1 (inclusive) or later
  • [Theme] Update to Sailing 4.4.6 (inclusive) or later
  • [Theme] Update to Digiqole 2.2.7 (inclusive) or later
  • [Theme] Update to Fashion 5.3.0 (inclusive) or later
  • [Theme] Update to Besa 2.3.16 (inclusive) or later
  • [Theme] Update to Turitor 1.5.3 (inclusive) or later
  • [Theme] Update to Hara 1.2.18 (inclusive) or later
• Reference Material:
  1. https://www.cve.org/CVERecord?id=CVE-2025-67522
  2. https://www.cve.org/CVERecord?id=CVE-2025-67523
  3. https://www.cve.org/CVERecord?id=CVE-2025-67524
  4. https://www.cve.org/CVERecord?id=CVE-2025-67525
  5. https://www.cve.org/CVERecord?id=CVE-2025-67526
  6. https://www.cve.org/CVERecord?id=CVE-2025-67527
  7. https://www.cve.org/CVERecord?id=CVE-2025-67529
  8. https://www.cve.org/CVERecord?id=CVE-2025-67530
  9. https://www.cve.org/CVERecord?id=CVE-2025-67531
  10. https://www.cve.org/CVERecord?id=CVE-2025-67532

Computer and Communication Center
Network Systems Division, Respectfully