CVE-2025-24761: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2025-24761) affects the DSK WordPress theme versions 2.2 and below, discovered on June 11, 2025. This is a Local File Inclusion vulnerability that allows unauthenticated attackers to include and view local files on the target website (Patchstack).

The vulnerability is classified as a PHP Remote File Inclusion issue, specifically an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability. It has received a CVSS v3.1 score of 8.1 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD, Patchstack).

The vulnerability could allow malicious actors to access and view local files on the target website, including sensitive files containing credentials such as database configurations. This could potentially lead to complete database takeover depending on the server configuration (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to implement immediate mitigation measures (Patchstack).