Print - 【Vulnerability Alert】Ten High-Risk Security Vulnerabilities Have Been Identified in WordPress Plugins and Themes. Please promptly verify and apply the necessary fixes.

【Vulnerability Alert】Ten High-Risk Security Vulnerabilities Have Been Identified in WordPress Plugins and Themes. Please promptly verify and apply the necessary fixes.

publish date : 2025-12-29 update date : 2025-12-29

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025122301124444	Publication Time	2025/12/23 13:36
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/12/23 13:36
Impact Level	Medium
[Subject] 【Vulnerability Alert】Ten High-Risk Security Vulnerabilities Have Been Identified in WordPress Plugins and Themes. Please promptly verify and apply the necessary fixes.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202512-00000155 Researchers have discovered PHP Local File Inclusion (LFI) vulnerabilities in WordPress plugins and themes (CVE-2025-67522, CVE-2025-67523, CVE-2025-67524, CVE-2025-67525, CVE-2025-67526, CVE-2025-67527, CVE-2025-67529, CVE-2025-67530, CVE-2025-67531, and CVE-2025-67532). Unauthenticated remote attackers can exploit these vulnerabilities to cause server-side PHP programs to load unintended local files and execute arbitrary code on the server. Please promptly verify and apply the necessary fixes. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] 【Plugin】Jobmonster Elementor Addon versions 1.1.4 and earlier 【Theme】Update to Jobmonster version 4.8.3 or later 【Theme】Update to Exhibz version 3.0.10 or later 【Theme】Update to ekommart version 4.3.1 or later 【Theme】Update to Digiqole version 2.2.7 or later 【Theme】Update to Sailing version 4.4.6 or later 【Theme】Update to Fashion version 5.3.0 or later 【Theme】Update to Besa version 2.3.16 or later 【Theme】Update to Turitor version 1.5.3 or later 【Theme】Update to Hara version 1.2.18 or later
[Recommended Actions] 【Plugin】Update to Jobmonster Elementor Addon version 1.1.5 or later 【Theme】Update to Jobmonster version 4.8.3 or later 【Theme】Update to Exhibz version 3.0.10 or later 【Theme】Update to ekommart version 4.3.1 or later 【Theme】Update to Sailing version 4.4.6 or later 【Theme】Update to Digiqole version 2.2.7 or later 【Theme】Update to Fashion version 5.3.0 or later 【Theme】Update to Besa version 2.3.16 or later 【Theme】Update to Turitor version 1.5.3 or later 【Theme】Update to Hara version 1.2.18 or later
[Reference] 1. https://www.cve.org/CVERecord?id=CVE-2025-67522 2. https://www.cve.org/CVERecord?id=CVE-2025-67523 3. https://www.cve.org/CVERecord?id=CVE-2025-67524 4. https://www.cve.org/CVERecord?id=CVE-2025-67525 5. https://www.cve.org/CVERecord?id=CVE-2025-67526 6. https://www.cve.org/CVERecord?id=CVE-2025-67527 7. https://www.cve.org/CVERecord?id=CVE-2025-67529 8. https://www.cve.org/CVERecord?id=CVE-2025-67530 9. https://www.cve.org/CVERecord?id=CVE-2025-67531 10. https://www.cve.org/CVERecord?id=CVE-2025-67532

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center