CVE-2025-49361 is a vulnerability identified in the AncoraThemes Mamita WordPress theme, specifically versions up to and including 1.0.9. The issue arises from improper control of filenames used in PHP include or require statements, which leads to a PHP Local File Inclusion (LFI) vulnerability. LFI vulnerabilities allow attackers to trick the application into including files from the local filesystem, potentially exposing sensitive information such as configuration files, credentials, or source code. In some scenarios, LFI can be chained with other vulnerabilities to achieve remote code execution, although this CVE does not explicitly confirm RCE. The vulnerability is exploitable remotely over the network without requiring privileges or authentication, but it requires user interaction, such as visiting a crafted URL or triggering a specific request. The CVSS 3.1 base score is 8.1, indicating a high severity level, with the vector showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality and integrity (C:H/I:H), but no impact on availability (A:N). No patches or exploit code are currently publicly available, and no known exploits in the wild have been reported. The vulnerability affects the Mamita theme, which is used in WordPress environments, making it relevant to websites relying on this theme for their front-end presentation and functionality. The root cause is insufficient validation or sanitization of input controlling the filename in PHP include/require statements, allowing attackers to manipulate the file path to include unintended files.

For European organizations, this vulnerability poses a significant risk to websites running the AncoraThemes Mamita theme, particularly those involved in e-commerce, content publishing, or any service relying on WordPress. Successful exploitation can lead to unauthorized disclosure of sensitive data such as configuration files, user credentials, or proprietary code, undermining confidentiality. Integrity can also be compromised if attackers manage to include malicious files or manipulate application logic. Although availability is not directly impacted, the breach of confidentiality and integrity can lead to reputational damage, regulatory penalties under GDPR, and potential downstream attacks such as privilege escalation or lateral movement within networks. Organizations with public-facing WordPress sites using this theme are especially vulnerable, as attackers can exploit the flaw remotely without authentication. The lack of known exploits in the wild currently provides a window for proactive mitigation. However, the widespread use of WordPress in Europe, combined with the popularity of AncoraThemes products, means that many SMEs and larger enterprises could be affected. The impact is heightened in sectors with strict data protection requirements, such as finance, healthcare, and government services.

Organizations should immediately audit their WordPress installations to identify the use of the AncoraThemes Mamita theme, especially versions up to 1.0.9. Until an official patch is released, mitigation should include disabling or replacing the vulnerable theme. Implement strict input validation and sanitization on any parameters controlling file inclusion paths to prevent manipulation. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious include or require statements and attempts to access local files via URL parameters. Regularly monitor web server and application logs for anomalous requests indicative of LFI attempts. Restrict file permissions on the web server to limit access to sensitive files that could be included. Educate developers and administrators on secure coding practices related to file inclusion. Once a patch is available from AncoraThemes, prioritize its deployment across all affected systems. Additionally, consider using security plugins that can detect and prevent common WordPress vulnerabilities. Conduct penetration testing focused on file inclusion vulnerabilities to verify mitigation effectiveness.