CVE-2025-49941 identifies a Local File Inclusion vulnerability in the AncoraThemes GlamChic WordPress theme, specifically due to improper control of filenames used in PHP include or require statements. This vulnerability arises when user input is not properly sanitized or validated before being passed to PHP functions that include files, allowing attackers to manipulate the filename parameter to include unintended files from the local filesystem. This can lead to disclosure of sensitive files such as configuration files, password files, or other critical data stored on the server. Additionally, if attackers can upload files or control file contents, they may execute arbitrary PHP code, resulting in remote code execution. The affected versions include all GlamChic versions up to and including 1.0.11. Although no public exploits have been reported, the vulnerability is classified as a serious security risk due to the commonality of PHP LFI issues and their potential to escalate into full system compromise. The vulnerability was reserved in June 2025 and published in December 2025, but no CVSS score or patch links are currently available. The lack of a patch necessitates immediate attention to mitigate risk. AncoraThemes GlamChic is a WordPress theme used primarily for fashion and lifestyle websites, which may be targeted for data theft or defacement.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of web applications running the GlamChic theme. Exploitation could lead to unauthorized disclosure of sensitive information such as user data, credentials, or internal configuration files. This could result in data breaches subject to GDPR penalties. Furthermore, attackers could leverage the vulnerability to execute arbitrary code, potentially gaining full control over the affected web server, leading to website defacement, malware distribution, or pivoting to internal networks. Organizations in sectors such as e-commerce, media, and fashion that rely on GlamChic for their online presence are particularly vulnerable. The impact extends to reputational damage and operational disruption. Since the vulnerability does not require authentication and can be exploited remotely, the attack surface is broad. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code may emerge rapidly once the vulnerability is public.

European organizations should immediately audit their WordPress installations to identify the use of the GlamChic theme, specifically versions up to 1.0.11. Until a vendor patch is released, organizations should implement strict input validation and sanitization on any user-controllable parameters that influence file inclusion. Employing web application firewalls (WAFs) with rules targeting LFI attack patterns can provide temporary protection. Restricting PHP functions such as include, require, and file access functions via PHP configuration (disable_functions directive) can reduce risk. Additionally, file system permissions should be hardened to prevent unauthorized file reading or writing by the web server user. Monitoring web server logs for suspicious requests attempting directory traversal or unusual file inclusion attempts is critical. Organizations should also prepare to update the GlamChic theme promptly once a security patch is available and consider alternative themes if timely patching is not feasible. Regular backups and incident response plans should be reviewed to handle potential exploitation.