CVE-2025-27010: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability (CVE-2025-27010) was discovered in bslthemes Tastyc WordPress theme versions before 2.5.2. The vulnerability was disclosed on April 15, 2025, and allows PHP Local File Inclusion through path traversal using '.../...//'. This security issue affects all versions of Tastyc theme prior to version 2.5.2 (Patchstack).

The vulnerability is classified as a Path Traversal attack of type '.../...//'. It has received a CVSS v3.1 Base Score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-35 (Path Traversal: '.../...//') and requires no authentication to exploit (NVD, Patchstack).

The vulnerability allows malicious actors to perform Local File Inclusion attacks, potentially exposing sensitive server-side files. Attackers could access files containing credentials, such as database configurations, which might lead to complete database compromise depending on the server configuration (Patchstack).

Users are strongly advised to update to Tastyc version 2.5.2 or later immediately to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).