CVE-2025-67937 is a Remote File Inclusion vulnerability found in the Mikado-Themes Hendon WordPress theme, affecting all versions prior to 1.7. The vulnerability arises from improper validation and control of filenames passed to PHP include or require statements. This flaw allows an attacker to supply a crafted URL or file path that the PHP interpreter will include and execute, potentially loading malicious code from a remote server. The vulnerability does not require authentication or user interaction, making it exploitable over the network by any unauthenticated attacker. The CVSS v3.1 score of 8.1 reflects the high impact on confidentiality, integrity, and availability, as successful exploitation can lead to full server compromise, data theft, defacement, or service disruption. Although no exploits are currently known in the wild, the vulnerability is publicly disclosed and documented, increasing the risk of future exploitation. The affected product, Hendon, is a WordPress theme by Mikado-Themes, commonly used in various European websites. The vulnerability is critical because it leverages a common PHP weakness—improper input sanitization in include/require statements—allowing remote code execution without any privileges or user interaction. The lack of available patches at the time of disclosure necessitates urgent attention from administrators to apply updates or mitigations.

For European organizations, this vulnerability poses a significant threat to websites using the Mikado-Themes Hendon theme. Exploitation can lead to unauthorized remote code execution, allowing attackers to steal sensitive data, deface websites, deploy malware, or disrupt services. This can result in reputational damage, regulatory penalties under GDPR due to data breaches, and operational downtime. Organizations in sectors such as e-commerce, government, education, and media that rely on WordPress sites with this theme are particularly vulnerable. The ease of exploitation without authentication increases the attack surface, making automated scanning and mass exploitation plausible. Given the high adoption of WordPress in Europe, especially in countries with large digital economies, the potential impact is widespread. Additionally, compromised servers could be used as pivot points for further attacks within organizational networks or as part of botnets targeting other entities.

1. Immediately upgrade the Mikado-Themes Hendon theme to version 1.7 or later once the patch is released by the vendor. 2. Until an official patch is available, manually review and harden the theme’s PHP code by implementing strict input validation and sanitization on all parameters used in include/require statements. 3. Disable allow_url_include in PHP configuration to prevent remote file inclusion. 4. Employ a Web Application Firewall (WAF) with rules to detect and block attempts to exploit file inclusion vulnerabilities. 5. Conduct regular security audits and vulnerability scans on WordPress sites to detect anomalous file inclusion attempts. 6. Restrict file permissions on web servers to limit the impact of potential code execution. 7. Monitor web server logs for suspicious requests that attempt to exploit this vulnerability. 8. Educate site administrators about the risks of using outdated themes and the importance of timely updates.