CVE-2025-53339: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-53339 is a Local File Inclusion vulnerability affecting the Devnex Addons For Elementor WordPress plugin versions through 1.0.9. It was discovered and reported by Prissy on May 10, 2025, and publicly disclosed on June 27, 2025. The vulnerability is classified as an Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) issue (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness is categorized as CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program). The vulnerability requires Contributor-level privileges to exploit (Patchstack).

This vulnerability could allow a malicious actor to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could be exposed, potentially leading to complete database takeover depending on the system configuration (Patchstack).

Currently, there is no official fix available for this vulnerability. The latest affected version is 1.0.9, and no patched version has been released (Patchstack).