CVE-2025-69144 ThemeREX CVE debrief

Who should care

Administrators and security teams responsible for WordPress installations, particularly those using the Preservation theme version 1.10 or earlier, should prioritize patching this vulnerability to prevent potential exploitation.

Technical summary

The CVE-2025-69144 vulnerability is caused by an unauthenticated local file inclusion weakness in the Preservation theme for WordPress. This vulnerability has a CVSS score of 8.1 and a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-98. The vulnerability was reported by [email protected] and is related to the Preservation theme version 1.10 or earlier.

Defensive priority

HIGH

Recommended defensive actions

• Update the Preservation theme to a version greater than 1.10.
• Restrict access to sensitive files and directories.
• Implement additional security measures, such as web application firewalls (WAFs).
• Regularly monitor WordPress installations for updates and vulnerabilities.
• Consider using a security plugin to detect and prevent exploitation attempts.
• Review and update incident response plans to address potential exploitation.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].

Official resources