CVE-2025-53565: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2025-53565) was discovered in the RadiusTheme Widget for Google Reviews WordPress plugin affecting versions through 1.0.15. The vulnerability was initially reported on June 1, 2025, by researcher LVT-tholv2k and was publicly disclosed on July 16, 2025 (Patchstack).

The vulnerability is classified as an Improper Control of Filename for Include/Require Statement in PHP Program (CWE-98). It received a CVSS v3.1 base score of 8.1 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD, Patchstack).

This vulnerability could allow malicious actors to include and access local files on the target website, potentially exposing sensitive information. Of particular concern is the potential access to files containing credentials, such as database configurations, which could lead to complete database compromise depending on the server configuration (Patchstack).

The vulnerability has been fixed in version 1.0.16 of the Widget for Google Reviews plugin. Users are strongly advised to update to this version or later immediately. For those unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).