CVE-2025-28947 is a high-severity vulnerability classified under CWE-98, which pertains to improper control of filenames used in include or require statements within PHP programs. Specifically, this vulnerability affects the MBStore - Digital WooCommerce WordPress Theme developed by snstheme, up to version 2.3. The flaw allows for PHP Remote File Inclusion (RFI) or Local File Inclusion (LFI), where an attacker can manipulate the filename parameter in the PHP include or require statements to execute arbitrary code or access sensitive files on the server. This occurs because the theme does not properly validate or sanitize user-supplied input used in these statements, enabling an attacker to specify malicious file paths or URLs. Exploitation of this vulnerability can lead to full compromise of the affected web server, including execution of arbitrary PHP code, disclosure of sensitive information, and potential pivoting to other internal systems. The CVSS v3.1 base score is 8.1, indicating a high level of severity with network attack vector, high attack complexity, no privileges required, no user interaction needed, and impacts on confidentiality, integrity, and availability. Although no public exploits are currently known in the wild, the vulnerability’s nature and high score suggest it is a critical risk for websites using this theme, especially those running WooCommerce stores that handle sensitive customer and payment data.

For European organizations, especially e-commerce businesses using WordPress with the MBStore theme, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to customer data, including personal and payment information, violating GDPR requirements and potentially resulting in heavy fines and reputational damage. The ability to execute arbitrary code on the server could also allow attackers to deploy malware, deface websites, or disrupt services, impacting business continuity and customer trust. Given the widespread use of WooCommerce in Europe and the popularity of WordPress themes, the attack surface is considerable. Additionally, compromised servers could be used as a foothold for further attacks within corporate networks or for launching supply chain attacks. The high severity and ease of remote exploitation without authentication make this vulnerability particularly dangerous for European organizations that rely on this theme for their online storefronts.

Immediate mitigation steps include: 1) Updating the MBStore - Digital WooCommerce WordPress Theme to a patched version once available from the vendor; 2) If a patch is not yet available, temporarily disabling or removing the vulnerable theme to prevent exploitation; 3) Implementing Web Application Firewall (WAF) rules to detect and block suspicious requests attempting to exploit file inclusion vulnerabilities, such as those containing directory traversal sequences or remote URLs in parameters; 4) Conducting thorough input validation and sanitization on all user-supplied inputs in custom code or plugins; 5) Restricting PHP configuration settings such as disabling allow_url_include and allow_url_fopen to prevent remote file inclusion; 6) Regularly auditing web server logs for anomalous access patterns indicative of exploitation attempts; 7) Employing principle of least privilege on web server file permissions to limit the impact of any successful exploit; and 8) Ensuring comprehensive backups and incident response plans are in place to quickly recover from potential compromises.