CVE-2025-4200 is a Local File Inclusion vulnerability classified under CWE-98, affecting all versions up to 1.4.1 of the Zagg - Electronics & Accessories WooCommerce WordPress theme. The vulnerability stems from improper validation and control of filenames passed to the load_view() function, which is invoked by at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product'. These AJAX endpoints do not require authentication, allowing remote unauthenticated attackers to manipulate the filename parameter to include arbitrary files on the server. This can lead to the execution of malicious PHP code if attackers manage to upload files or leverage existing files on the server. The flaw enables attackers to bypass access controls, access sensitive data, and achieve remote code execution (RCE). The vulnerability is rated with a CVSS 3.1 score of 8.1, reflecting high impact on confidentiality, integrity, and availability, though it requires high attack complexity. No patches or official fixes have been published yet, and no known exploits are currently in the wild. The vulnerability is critical for WordPress sites using this theme, especially those allowing file uploads or with weak server configurations.

The impact of CVE-2025-4200 is substantial for organizations running WordPress sites with the vulnerable Zagg theme. Successful exploitation can lead to remote code execution, enabling attackers to fully compromise the web server, steal sensitive customer and business data, modify website content, or use the server as a pivot point for further attacks. This can result in data breaches, website defacement, service disruption, and reputational damage. E-commerce sites using WooCommerce with this theme are particularly at risk, as attackers could manipulate product data, steal payment information, or disrupt sales operations. The unauthenticated nature of the exploit increases risk, as no credentials are needed. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability. Organizations without proper monitoring or segmentation may face prolonged undetected compromise. The lack of patches increases exposure time, raising the likelihood of exploitation once public exploits emerge.

To mitigate CVE-2025-4200, organizations should immediately take the following steps: 1) Disable or restrict access to the vulnerable AJAX endpoints ('load_more_post', 'load_shop', 'load_more_product') via web application firewall (WAF) rules or server configuration to block unauthenticated requests. 2) Restrict file upload capabilities and enforce strict validation on uploaded file types and contents to prevent malicious PHP code disguised as images or other files. 3) Implement strict input validation and sanitization on all parameters passed to include or require statements in PHP code, especially within the load_view() function. 4) Monitor web server and application logs for suspicious requests targeting these AJAX actions or unusual file inclusion attempts. 5) Isolate WordPress installations and limit permissions to reduce the impact of potential code execution. 6) Regularly back up website data and configurations to enable recovery if compromise occurs. 7) Engage with the theme vendor or community to obtain patches or updates once available and apply them promptly. 8) Consider temporarily switching to a different theme or disabling the vulnerable theme if immediate patching is not possible. 9) Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and block exploitation attempts in real time.