CVE Catalog

CVE-2025-68063

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

The Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions 4.4.3 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by contributors. This allows an attacker with contributor privileges to read sensitive files on the server.

Risk Assessment

The risk involves the possibility of reading confidential configuration files such as wp-config.php, which could lead to database credential leakage and full site compromise.

Recommendation

It is recommended to immediately update the Splash - Sport Club theme to the latest available version that fixes this vulnerability. Also, restrict contributor privileges to the minimum necessary.

Original NVD description (English source)

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS