CVE-2025-60153 is a high-severity vulnerability classified under CWE-98, which pertains to improper control of filenames used in include or require statements within PHP programs. Specifically, this vulnerability affects the 'Subscribe To Unlock' plugin developed by wpshuffle, versions up to and including 1.1.5. The flaw allows for PHP Local File Inclusion (LFI), meaning an attacker can manipulate the filename parameter used in PHP's include or require functions to load unintended files from the local filesystem. This can lead to the disclosure of sensitive information, code execution, or further exploitation depending on the files accessible and the server configuration. The vulnerability is remotely exploitable over the network (AV:N), but requires a high attack complexity (AC:H) and low privileges (PR:L), with no user interaction needed (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating that successful exploitation can lead to full compromise of the affected system. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability was published on September 26, 2025, and was reserved the day before. The root cause is insufficient validation or sanitization of user-controlled input used in PHP include/require statements, allowing attackers to specify arbitrary local files to be included and executed by the PHP interpreter.

For European organizations, this vulnerability poses a significant risk, especially for those using WordPress sites with the 'Subscribe To Unlock' plugin by wpshuffle. Exploitation could lead to unauthorized disclosure of sensitive data such as configuration files, credentials, or user data stored on the server. Additionally, attackers could execute arbitrary PHP code, potentially leading to full system compromise, defacement, or use of the server as a pivot point for lateral movement within the network. This could disrupt business operations, damage reputation, and lead to regulatory non-compliance under GDPR due to data breaches. The high impact on confidentiality, integrity, and availability means that critical services relying on affected plugins could be severely disrupted. Since the attack requires low privileges and no user interaction, automated scanning and exploitation attempts could increase rapidly once exploit code becomes available, increasing risk exposure for European entities.

Organizations should immediately audit their WordPress installations to identify the presence of the 'Subscribe To Unlock' plugin by wpshuffle. If found, they should restrict access to the plugin's files and directories using web server configuration (e.g., .htaccess rules) to prevent unauthorized HTTP requests that could trigger the vulnerability. Implementing a Web Application Firewall (WAF) with rules to detect and block suspicious include/require parameter manipulations can provide temporary protection. Until an official patch is released, disabling or uninstalling the plugin is the safest approach. Additionally, organizations should review PHP configuration settings to disable allow_url_include and restrict file access permissions to minimize the impact of LFI vulnerabilities. Monitoring web server logs for unusual requests targeting the plugin's endpoints can help detect exploitation attempts early. Finally, organizations should prepare to apply patches promptly once available and conduct thorough testing before redeployment.