CVE-2025-39467: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2025-39467) was discovered in Mikado-Themes' Wanderland WordPress theme affecting versions up to and including 1.7.1. The vulnerability was disclosed on November 6, 2025, and allows PHP Local File Inclusion through path traversal using '../...//'. The issue was discovered by security researcher Bonds (Patchstack).

The vulnerability is classified as a Path Traversal attack that enables Local File Inclusion. It received a CVSS score of 8.1, indicating high severity. The vulnerability is particularly concerning as it can be exploited without authentication, making it highly dangerous and likely to be exploited (Patchstack).

This vulnerability could allow malicious actors to include and view local files from the target website. Of particular concern is the potential access to files containing sensitive information such as database credentials, which could lead to complete database compromise depending on the server configuration (Patchstack).

The vulnerability has been fixed in version 1.7.2 of the Wanderland theme. Users are strongly advised to update to this version or later immediately. Additionally, Patchstack has issued a mitigation rule to block potential attacks until users can update to the fixed version (Patchstack).