CVE-2025-60191: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Premmerce Premmerce Wishlist for WooCommerce
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce (premmerce-woocommerce-wishlist) allows PHP Local File Inclusion. This issue affects Premmerce Wishlist for WooCommerce: from n/a through 1.1.10 (inclusive).
AI Analysis
Technical Summary
CVE-2025-60191 is an improper control of filename for include/require statement (CWE-98) issue in the Premmerce Wishlist for WooCommerce plugin (slug premmerce-woocommerce-wishlist), affecting every release through 1.1.10. The CWE title says 'PHP Remote File Inclusion', but the advisory describes the exploitable outcome as Local File Inclusion (LFI): a request-controlled value reaches a PHP include or require statement without adequate validation, so an attacker can steer the inclusion to a file of their choosing on the server's filesystem. Because PHP executes whatever it includes, LFI becomes code execution as soon as the attacker can place attacker-controlled content anywhere on the host (an upload, a writable log, session storage) and point the include at it. The CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N gives a score of 7.5 (High): exploitable over the network, low attack complexity, no privileges and no user interaction, unchanged scope, and the assessed impact is on integrity only. The C:N rating means the assessor did not credit the flaw with disclosing file contents; the expected effect is execution or alteration of site behaviour rather than a straightforward read of wp-config.php. Treat that as an assessment, not a guarantee: any LFI should be assumed to allow source disclosure (for example via php://filter wrappers) until the vulnerable code path has been reviewed. The advisory was assigned by Patchstack and does not identify the vulnerable parameter or file. WooCommerce is widely deployed in European e-commerce, so the exposed population is likely to be large even though no exploitation in the wild has been reported. No patch link is recorded; until the vendor publishes a release newer than 1.1.10, treat the fix as unconfirmed and rely on the mitigations below.
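The include/require pattern the summary describes, as an added illustration in PHP that is not code from the Premmerce plugin: the advisory does not publish the vulnerable parameter or file, so the `view` parameter, the template directory and the demo files created below are assumptions. The first function shows the unsafe shape (request value concatenated into `include`), the second the allowlist-plus-`realpath` shape a developer should use instead.

```php
<?php
// Added illustration of CWE-98 in the include/require shape the advisory
// describes. Not Premmerce code: the 'view' parameter, the template directory
// and the files created below are assumptions for the demo.
declare(strict_types=1);

// Vulnerable shape: a request parameter is concatenated straight into include().
function render_wishlist_vulnerable(array $request, string $templateDir): void
{
    $view = $request['view'] ?? 'default';
    // '../secret' (or a deeper traversal) escapes the template directory, and
    // PHP executes whatever file the path lands on.
    include $templateDir . '/' . $view . '.php';
}

// Hardened shape: the request selects a key from a fixed map, never a path.
const WISHLIST_TEMPLATES = [
    'default' => 'wishlist-default.php',
    'compact' => 'wishlist-compact.php',
];

function resolve_wishlist_template(string $view, string $templateDir): ?string
{
    if (!array_key_exists($view, WISHLIST_TEMPLATES)) {
        return null;                       // not on the allowlist: refuse
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . WISHLIST_TEMPLATES[$view]);
    // Defence in depth: the resolved file must still sit inside the template
    // directory (guards against a symlinked or mis-configured $templateDir).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_wishlist_hardened(array $request, string $templateDir): void
{
    $path = resolve_wishlist_template((string) ($request['view'] ?? 'default'), $templateDir);
    if ($path === null) {
        // In the real plugin this would be a 400 response; reject, never guess.
        echo "rejected: view not on allowlist\n";
        return;
    }
    include $path;
}

// Demo on a throw-away directory layout constructed here (run: php lfi-demo.php).
$root = sys_get_temp_dir() . '/lfi-demo-' . getmypid();
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/wishlist-default.php', "<?php echo \"default template\\n\";\n");
file_put_contents($root . '/secret.php', "<?php echo \"file OUTSIDE the template dir was executed\\n\";\n");

render_wishlist_vulnerable(['view' => '../secret'], $root . '/templates'); // executes secret.php
render_wishlist_hardened(['view' => '../secret'], $root . '/templates');   // rejected, nothing included
render_wishlist_hardened(['view' => 'default'], $root . '/templates');     // prints "default template"

// Cleanup of the demo files.
unlink($root . '/secret.php');
unlink($root . '/templates/wishlist-default.php');
rmdir($root . '/templates');
rmdir($root);
```

The point of the hardened form is that user input never becomes part of a path at all; it only selects from a closed set, and the `realpath` prefix check is a second line of defence rather than the primary control. Denylisting `..` or `/` in the input is not a substitute, because encoded and wrapper-based variants (`..%2f`, `php://filter`) keep appearing.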
Potential Impact
For European organizations, this vulnerability poses a direct risk to the integrity of e-commerce platforms running WooCommerce with the Premmerce Wishlist plugin. Exploitation could allow an attacker to execute arbitrary PHP under the web server's identity or to alter site behaviour, which in turn can lead to tampered orders or prices, injected payment-skimming scripts, persistent backdoors, or compromise of backend systems that the web server can reach. The assigned vector records no confidentiality or availability impact, but an integrity breach alone is enough to undermine customer trust, cause financial losses, and damage brand reputation, and code execution typically opens the path to data theft afterwards. Given the widespread use of WooCommerce in Europe's e-commerce sector, particularly in countries with mature online retail markets, a large number of businesses may be exposed. A compromised storefront can also serve as a foothold for lateral movement into corporate networks. Because exploitation needs neither authentication nor user interaction, automated scanning can rapidly identify and exploit vulnerable installations, which raises the urgency of a response.
Mitigation Recommendations
Organizations should immediately audit their WooCommerce installations for the Premmerce Wishlist plugin and record its version, either from the WordPress plugins screen or from the Version header of the plugin's main file under wp-content/plugins/premmerce-woocommerce-wishlist. If version 1.1.10 or earlier is installed, deactivate or remove the plugin until a fixed release is published; a deactivated plugin's files are still on disk and still reachable by direct request, so removal is the safer option where the feature can be spared. In the interim, add web application firewall (WAF) rules that block requests to the plugin path carrying path-traversal sequences (plain or URL-encoded), PHP stream wrappers such as php://, data: or phar://, and null bytes. Confirm that allow_url_include is Off in php.ini (the default), so the flaw cannot be turned into remote inclusion, and use open_basedir to confine PHP to the site's own tree; note that open_basedir does not protect against inclusion of files inside the permitted tree, so also ensure the uploads directory cannot serve or execute PHP. Log and monitor for anomalous include attempts and for unexpected PHP warnings such as "failed to open stream" referencing paths outside the plugin directory. Developers should validate every input that selects a file to include, mapping a short key to a fixed allowlist of files rather than filtering a user-supplied path. Track vendor and Patchstack advisories and apply the fixed release promptly once it is available. Finally, isolate the web tier in its own network segment with least-privilege credentials to the database and payment back ends, so that a compromised storefront cannot easily become a foothold for lateral movement.
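Two of the steps above (the version audit and the log triage) as an added PHP example; these helpers are not part of the plugin or of the site that published this analysis. The plugin slug comes from the advisory; the main-file name, the log lines and the detection patterns are constructed for the demo, and the patterns are generic LFI indicators, not the actual exploit payload.

```php
<?php
// Added defender-side helpers. Not Premmerce code and not a vendor tool: the
// header file and access-log lines below are constructed for the demo.
declare(strict_types=1);

// 1. Version audit. WordPress plugins declare their version in a header
//    comment of the main plugin file, e.g. "Version: 1.1.10".
function plugin_version_from_header(string $mainFile): ?string
{
    $head = file_get_contents($mainFile, false, null, 0, 8192);
    if ($head === false) {
        return null;
    }
    return preg_match('/^[ \t\/*#@]*Version:\s*(\S+)/mi', $head, $m) ? $m[1] : null;
}

function is_affected_version(?string $version): bool
{
    // Advisory: affected from n/a through 1.1.10 inclusive.
    return $version !== null && version_compare($version, '1.1.10', '<=');
}

// 2. Log triage. Flag requests to the plugin path whose query carries
//    traversal or PHP stream-wrapper payloads; a WAF rule would use the same
//    patterns. The list is an assumption about what an attacker would send.
const LFI_PATTERNS = [
    '/(\.\.|%2e%2e)(\/|%2f|\\\\|%5c)/i',       // ../  ..%2f  ..\  in plain or encoded form
    '/(php|file|phar|data|expect|zip):\/\//i', // PHP stream wrappers
    '/%00/',                                   // null-byte truncation attempts
    '/(wp-config\.php|\/etc\/passwd)/i',       // classic LFI targets
];

function looks_like_lfi_attempt(string $logLine): bool
{
    if (stripos($logLine, 'premmerce-woocommerce-wishlist') === false) {
        return false;                          // only requests aimed at this plugin
    }
    foreach (LFI_PATTERNS as $re) {
        if (preg_match($re, $logLine) === 1) {
            return true;
        }
    }
    return false;
}

// Demo on constructed input (run: php audit-demo.php).
$tmp = tempnam(sys_get_temp_dir(), 'pw');
file_put_contents($tmp, "<?php\n/*\nPlugin Name: Premmerce Wishlist for WooCommerce\nVersion: 1.1.10\n*/\n");
$ver = plugin_version_from_header($tmp);
printf("header version %s -> %s\n", $ver ?? 'unknown', is_affected_version($ver) ? 'AFFECTED' : 'ok');
unlink($tmp);

$lines = [
    '203.0.113.7 - - [06/Nov/2025:16:08:33 +0000] "GET /wp-content/plugins/premmerce-woocommerce-wishlist/?view=default HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Nov/2025:16:08:34 +0000] "GET /wp-content/plugins/premmerce-woocommerce-wishlist/?view=..%2f..%2f..%2fwp-config HTTP/1.1" 200 512',
    '198.51.100.9 - - [06/Nov/2025:16:09:01 +0000] "GET /wp-content/plugins/premmerce-woocommerce-wishlist/?view=php://filter/convert.base64-encode/resource=index HTTP/1.1" 200 2048',
];
foreach ($lines as $line) {
    echo looks_like_lfi_attempt($line) ? 'ALERT  ' : 'clean  ', $line, "\n";
}
```

Expect the first line to be reported clean and the other two as alerts. Because the advisory does not name the parameter, the triage deliberately keys on the plugin path rather than on a parameter name; once the vendor's fix reveals the vulnerable entry point, tighten the match accordingly and keep the patterns, since the same payload families apply to any PHP include sink.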
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-25T15:28:34.981Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690cc801ca26fb4dd2f593f0
Added to database: 11/6/2025, 4:08:33 PM
Last enriched: 11/13/2025, 5:24:13 PM
Last updated: 11/22/2025, 6:05:29 AM