POSTING DATE: 2025/12/23

[VULNERABILITY ALERT] 10 High-Risk Security Vulnerabilities in WordPress Extensions and Themes, Please Verify and Patch Immediately

  • Subject: [VULNERABILITY ALERT] 10 High-Risk Security Vulnerabilities in WordPress Extensions and Themes, Please Verify and Patch Immediately


  • Content Description:
    • Forwarded from the National Information Security Information Sharing and Analysis Center, Security Alert NISAC-200-202512-00000155
    • Researchers have discovered PHP Local File Inclusion (LFI) vulnerabilities (CVE-2025-67522, CVE-2025-67523, CVE-2025-67524, CVE-2025-67525, CVE-2025-67526, CVE-2025-67527, CVE-2025-67529, CVE-2025-67530, CVE-2025-67531, and CVE-2025-67532) in WordPress extensions and themes.
    • A remote unauthenticated attacker could exploit these vulnerabilities to make server-side PHP scripts include unintended local files and execute arbitrary code on the server. Please verify and patch as soon as possible.
  • Affected Platforms:
    • [Extension] Jobmonster Elementor Addon version 1.1.4 (inclusive) and earlier
    • [Theme] Update to Jobmonster 4.8.3 (inclusive) or later versions
    • [Theme] Update to Exhibz 3.0.10 (inclusive) or later versions
    • [Theme] Update to ekommart 4.3.1 (inclusive) or later versions
    • [Theme] Update to Digiqole 2.2.7 (inclusive) or later versions
    • [Theme] Update to Sailing 4.4.6 (inclusive) or later versions
    • [Theme] Update to Fashion 5.3.0 (inclusive) or later versions
    • [Theme] Update to Besa 2.3.16 (inclusive) or later versions
    • [Theme] Update to Turitor 1.5.3 (inclusive) or later versions
    • [Theme] Update to Hara 1.2.18 (inclusive) or later versions
  • Recommended Actions:
    • [Extension] Update to Jobmonster Elementor Addon version 1.1.5 (inclusive) or later
    • [Theme] Update to Jobmonster 4.8.3 (inclusive) or later
    • [Theme] Update to Exhibz 3.0.10 (inclusive) or later
    • [Theme] Update to ekommart 4.3.1 (inclusive) or later
    • [Theme] Update to Sailing 4.4.6 (inclusive) or later
    • [Theme] Update to Digiqole 2.2.7 (inclusive) or later
    • [Theme] Update to Fashion 5.3.0 (inclusive) or later
    • [Theme] Update to Besa 2.3.16 (inclusive) or later
    • [Theme] Update to Turitor 1.5.3 (inclusive) or later
    • [Theme] Update to Hara 1.2.18 (inclusive) or later
  • Reference Material:
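
One way to verify an installation against the fixed versions listed under Recommended Actions (an added example, not part of the original alert or of any vendor's tooling). It assumes the standard `wp-content/themes` and `wp-content/plugins` layout and that each product's `Theme Name` / `Plugin Name` header matches the name used in this alert; the sample files are constructed.

```python
import re, sys, tempfile
from pathlib import Path

# Minimum fixed versions, copied from the advisory's Recommended Actions list.
# Assumption: the "Theme Name"/"Plugin Name" header equals the advisory's product name.
FIXED = {"jobmonster elementor addon": "1.1.5", "jobmonster": "4.8.3", "exhibz": "3.0.10",
         "ekommart": "4.3.1", "sailing": "4.4.6", "digiqole": "2.2.7", "fashion": "5.3.0",
         "besa": "2.3.16", "turitor": "1.5.3", "hara": "1.2.18"}
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_headers(text):
    """Return (name, version) from a style.css or plugin PHP file header comment."""
    found = {}
    for key, value in HEADER.findall(text[:8192]):  # the header sits at the top of the file
        found.setdefault(key.lower().split()[-1], value)  # keys: 'name', 'version'
    return found.get("name"), found.get("version")

def vkey(version):
    """Numeric key, trailing zeros dropped: '3.0.10' > '3.0.9' and '5.3' == '5.3.0'."""
    return [int(p) for p in re.findall(r"\d+", re.sub(r"(\.0+)+$", "", version))]

def audit(wp_content):
    """Return sorted [(name, installed, fixed)] for listed products below the fixed version."""
    root, hits = Path(wp_content), []
    for path in [*root.glob("themes/*/style.css"), *root.glob("plugins/*/*.php")]:
        name, version = parse_headers(path.read_text(encoding="utf-8", errors="replace"))
        fixed = FIXED.get((name or "").lower())
        if fixed and version and vkey(version) < vkey(fixed):
            hits.append((name, version, fixed))
    return sorted(hits)

SAMPLE = {  # constructed files; the directory names are made up
    "themes/exhibz/style.css": "/*\nTheme Name: Exhibz\nVersion: 3.0.9\n*/",
    "themes/hara/style.css": "/*\nTheme Name: Hara\nVersion: 1.2.18\n*/",
    "plugins/jm-addon/jm-addon.php": "<?php\n/**\n * Plugin Name: Jobmonster Elementor Addon\n * Version: 1.1.4\n */",
}

def build_sample(root):
    for rel, body in SAMPLE.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(Path(tempfile.mkdtemp()))
    for name, installed, fixed in audit(target):
        print(f"{name}: installed {installed}, update to {fixed} or later")
```

Pass the path to a site's `wp-content` directory as the first argument; with no argument the script runs against the constructed sample tree.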

Computer and Communication Center
Network Systems Division, Respectfully