PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69120 ThemeREX CVE debrief

CVE-2025-69120 is a high-severity unauthenticated local file inclusion vulnerability in the Dazzle theme for WordPress, affecting version 1.0.0 or earlier. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Users of the Dazzle theme for WordPress should apply patches or mitigations to prevent unauthenticated local file inclusion attacks. The vulnerability allows attackers to include local files without authentication, potentially leading to sensitive information disclosure or code execution.

Vendor
ThemeREX
Product
Dazzle
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of the Dazzle theme for WordPress, version 1.0.0 or earlier, should apply patches or mitigations to prevent unauthenticated local file inclusion attacks. This includes administrators, security teams, and operators responsible for maintaining WordPress installations with the Dazzle theme.

Technical summary

CVE-2025-69120 is an unauthenticated local file inclusion vulnerability in the Dazzle theme for WordPress, affecting version 1.0.0 or earlier. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows attackers to include local files without authentication, potentially leading to sensitive information disclosure or code execution.

Defensive priority

High priority should be given to applying patches or mitigations for CVE-2025-69120, as it allows unauthenticated local file inclusion attacks.

Recommended defensive actions

  • Apply patches or updates for the Dazzle theme, version 1.0.0 or earlier.
  • Implement mitigations, such as restricting access to sensitive files or directories.
  • Monitor for suspicious activity, such as unusual file access requests.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-06-17T14:17:32.470Z and last modified on 2026-06-17T15:16:36.740Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the affected scope and apply patches or mitigations accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:32.470Z and has not been modified since then. The NVD entry is currently Deferred.