CVE-2025-68068 is a Remote File Inclusion (RFI) vulnerability identified in the Select-Themes Stockholm WordPress theme, affecting all versions up to and including 9.14.1. The root cause is improper validation and control of the filename parameter used in PHP include or require statements. This flaw allows an attacker to manipulate the input to include arbitrary remote files, which the PHP interpreter then executes. This can lead to remote code execution (RCE), enabling attackers to run malicious scripts on the affected server. The vulnerability does not require authentication or user interaction, making it highly exploitable. Although no public exploits are currently reported, the nature of RFI vulnerabilities historically leads to rapid exploitation once disclosed. The vulnerability impacts the confidentiality, integrity, and availability of affected systems by potentially allowing attackers to steal sensitive data, modify website content, or disrupt services. The vulnerability affects WordPress sites using the Stockholm theme, which is popular among European businesses for its design and functionality. The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed, but the technical details and typical RFI impact suggest a critical severity level.

For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress websites using the Stockholm theme for e-commerce, media, or corporate communications. Successful exploitation could lead to unauthorized access to sensitive customer data, intellectual property theft, website defacement, or complete server takeover. This could result in financial losses, reputational damage, regulatory penalties under GDPR, and operational disruptions. Organizations in sectors such as retail, finance, and media are particularly vulnerable due to their reliance on web platforms and the sensitivity of their data. The ease of exploitation without authentication increases the threat level, making it critical for organizations to act swiftly. Additionally, compromised websites could be used as launchpads for further attacks within corporate networks or to distribute malware to visitors, amplifying the impact.

1. Immediately monitor for and apply any official patches or updates released by Select-Themes for the Stockholm theme. 2. If patches are not yet available, temporarily disable or replace the Stockholm theme with a secure alternative. 3. Harden PHP configurations by disabling allow_url_include and allow_url_fopen directives to prevent remote file inclusion. 4. Implement Web Application Firewalls (WAF) with rules to detect and block suspicious include/require parameter manipulations. 5. Conduct thorough input validation and sanitization on all user-supplied data, especially parameters used in file inclusion functions. 6. Regularly audit WordPress themes and plugins for vulnerabilities and maintain an updated inventory. 7. Employ security monitoring to detect anomalous file changes or unauthorized code execution on web servers. 8. Educate web administrators on secure coding practices and the risks of RFI vulnerabilities. 9. Backup website data frequently and ensure backups are stored securely offline to enable recovery from compromise.