How severe is CVE-2025-2101?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2025-2101?

This is classified as CWE-98, which is a common weakness in software security.

CVE-2025-2101 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Related Vulnerabilities

CVE-2017-14095

HIGH

CVSS:8.1(High)

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system...

CWE-982017

CVE-2021-21804

HIGH

CVSS:8.1(High)

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code e...

CWE-982021

CVE-2024-11289

HIGH

CVSS:8.1(High)

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_fun...

CWE-982024

CVE-2024-21687

HIGH

CVSS:8.1(High)

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with ...

CWE-982024

CVE-2024-36569

HIGH

CVSS:8.1(High)

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php.

CWE-982024

CVE-2024-52381

HIGH

CVSS:8.1(High)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ K...

CWE-982024