
CVE-2025-49935: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in xtemos WoodMart

Severity: High
Published: Wed Oct 22 2025 (10/22/2025, 14:32:16 UTC)
Source: CVE Database V5
Vendor/Project: xtemos
Product: WoodMart

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion. This issue affects WoodMart: from n/a through < 8.3.2.

AI-Powered Analysis

Last updated: 10/22/2025, 15:17:47 UTC

Technical Analysis

CVE-2025-49935 is classified as Improper Control of Filename for Include/Require Statement in PHP, the weakness class commonly known as Remote File Inclusion (RFI) (the advisory description records the outcome as PHP Local File Inclusion), and affects the xtemos WoodMart WordPress theme in versions prior to 8.3.2. The theme fails to validate or sanitize user-supplied input that reaches a PHP include or require statement, so an attacker can manipulate the filename parameter to include a remote file, which the PHP interpreter then executes. Successful exploitation yields remote code execution: arbitrary PHP runs on the server hosting the theme, which can lead to full site compromise, data theft, defacement, or pivoting to other internal systems.

The affected range is given only as "through < 8.3.2" with no lower bound, so every WoodMart release before 8.3.2 should be treated as affected, which implies a broad installed base. No public exploits are currently known, but RFI flaws are highly attractive targets. The CVE was reserved in June 2025 and published in October 2025; no CVSS score has been assigned yet. No patch links are included in the available data, so administrators must rely on vendor updates or manual code review to confirm remediation. The vulnerability is particularly critical because it requires neither authentication nor user interaction, so exploitation is straightforward against any reachable site. WoodMart is a popular premium WordPress theme used primarily for e-commerce websites, which often handle sensitive customer data and transactions, increasing the potential impact.
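As an added illustration of the weakness class described above (not code from WoodMart or from this advisory), the hypothetical snippet below places an include that trusts a request parameter beside one that resolves the parameter through a fixed allowlist and a path check; the function names, template names and temp-directory demo are all made up.

```php
<?php
// Added example: a hypothetical illustration of the weakness class described
// above. This is NOT WoodMart code; the function and template names are made up.

// Vulnerable pattern: the request value becomes part of the include path unchanged.
// With allow_url_include=On a remote URL is fetched and executed; with it Off,
// traversal sequences can still pull in unintended local files.
function load_template_unsafe(string $requested, string $templateDir): void
{
    include $templateDir . '/' . $requested;
}

// Hardened pattern: the request value is only a key into a fixed allowlist, so the
// include path can never be anything the developer did not enumerate explicitly.
const TEMPLATE_ALLOWLIST = [
    'grid' => 'product-grid.php',
    'list' => 'product-list.php',
];

function resolve_template(string $requested, string $templateDir): ?string
{
    if (!array_key_exists($requested, TEMPLATE_ALLOWLIST)) {
        return null; // unknown key: refuse rather than guess
    }
    $real = realpath($templateDir . '/' . TEMPLATE_ALLOWLIST[$requested]);
    $base = realpath($templateDir);
    // Defence in depth: the resolved file must really live under $templateDir.
    if ($real === false || $base === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

function load_template_safe(string $requested, string $templateDir): bool
{
    $path = resolve_template($requested, $templateDir);
    if ($path === null) {
        return false; // caller should answer with HTTP 400, never fall back to a guess
    }
    include $path;
    return true;
}

// Stand-alone demo with a constructed template directory.
$dir = sys_get_temp_dir() . '/tpl-demo-' . getmypid();
mkdir($dir);
file_put_contents("$dir/product-grid.php", "<?php echo \"grid template loaded\\n\";");
var_dump(resolve_template('../../../etc/hostname', $dir));
var_dump(resolve_template('http://203.0.113.5/x.txt', $dir));
load_template_safe('grid', $dir);
unlink("$dir/product-grid.php"); rmdir($dir);
```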

Potential Impact

For European organizations, the impact of CVE-2025-49935 can be severe. Organizations using the WoodMart theme for their WordPress-based e-commerce or corporate websites risk unauthorized remote code execution, which can lead to full website compromise. This could result in data breaches involving customer personal and payment information, loss of business continuity due to website defacement or downtime, and reputational damage. The exploitation could also enable attackers to deploy malware, ransomware, or use the compromised server as a pivot point for further attacks within the organization's network. Given the widespread use of WordPress and WoodMart in Europe, especially among small and medium-sized enterprises (SMEs) in retail and services sectors, the threat could affect a significant number of organizations. Additionally, regulatory frameworks such as GDPR impose strict data protection requirements, and a breach resulting from this vulnerability could lead to substantial fines and legal consequences. The lack of authentication or user interaction required for exploitation increases the risk of automated attacks and mass scanning campaigns targeting vulnerable sites across Europe.

Mitigation Recommendations

1. Upgrade immediately to WoodMart theme version 8.3.2 or later, where the vulnerability is patched.
2. If upgrading is not immediately possible, add web application firewall (WAF) rules that block requests attempting file inclusion, such as those carrying URL-encoded remote file paths or unusual query parameters.
3. Audit any customizations or child themes to confirm that no unsafe dynamic file inclusion is present.
4. Harden the PHP configuration by disabling the allow_url_include and allow_url_fopen directives to prevent remote file inclusion.
5. Run the web server and PHP processes under the principle of least privilege to limit the impact of a successful exploit.
6. Monitor web server logs for unusual requests targeting include/require parameters or attempting to reach remote resources.
7. Back up website data and configuration regularly so the site can be restored quickly after a compromise.
8. Educate site administrators about the risks of installing outdated themes and plugins and encourage timely patching.
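As an added example for the log-monitoring recommendation (not part of the advisory or of the WoodMart project), this script scans combined-format access-log lines and flags query parameters whose URL-decoded value is a remote URL or a directory-traversal sequence; the `template` parameter name, the IP addresses and the log lines are constructed.

```php
<?php
// Added example for the log-monitoring recommendation above (not from the advisory
// or the vendor): flag query parameters whose decoded value looks like a remote file
// reference or a path traversal. The access-log lines at the bottom are constructed.

function suspicious_params(string $query): array
{
    $hits = [];
    parse_str($query, $params); // parse_str URL-decodes each value once
    foreach ($params as $name => $value) {
        if (!is_string($value)) continue;
        $decoded = rawurldecode($value); // second pass catches double-encoded values
        if (preg_match('#^\s*(https?|ftp)://#i', $decoded)) {
            $hits[] = "$name: remote URL";
        } elseif (preg_match('#\.\.(/|\\\\)#', $decoded)) {
            $hits[] = "$name: path traversal";
        }
    }
    return $hits;
}

function scan_access_log(array $lines): array
{
    $findings = [];
    // Combined log format: client ident user [time] "METHOD target HTTP/x.y" status ...
    $re = '#^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) ([^ "]+) HTTP/[\d.]+" (\d{3})#';
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;
        }
        $query = parse_url($m[3], PHP_URL_QUERY);
        $hits = is_string($query) ? suspicious_params($query) : [];
        if ($hits) {
            $findings[] = ['client' => $m[1], 'time' => $m[2], 'target' => $m[3],
                           'status' => (int) $m[4], 'reasons' => $hits];
        }
    }
    return $findings;
}

// Constructed sample: one benign request, one remote-URL attempt, one traversal attempt.
$sample = [
    '198.51.100.7 - - [22/Oct/2025:14:40:01 +0000] "GET /?template=grid HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Oct/2025:14:40:02 +0000] "GET /?template=http://203.0.113.9/t.txt HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.5 - - [22/Oct/2025:14:40:03 +0000] "GET /?template=..%2F..%2Fwp-config.php HTTP/1.1" 404 210 "-" "curl/8.0"',
];
foreach (scan_access_log($sample) as $f) {
    printf("%s %s %s (%d): %s\n", $f['time'], $f['client'], $f['target'], $f['status'], implode(', ', $f['reasons']));
}
```

Only the second and third sample lines are reported; the benign `template=grid` request produces no finding.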


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-06-11T16:07:15.642Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68f8efec04677bbd7943985a

Added to database: 10/22/2025, 2:53:32 PM

Last enriched: 10/22/2025, 3:17:47 PM

Last updated: 10/29/2025, 6:58:24 AM

