Jannah < 7.5.1 – Unauthenticated Local File Inclusion | CVE 2025-53334 | Theme Vulnerabilities

Description

The theme is vulnerable to Local File Inclusion. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Affects Themes

Fixed in 7.5.1

References

CVE

URL

https://patchstack.com/database/wordpress/theme/jannah/vulnerability/wordpress-jannah-theme-7-4-1-local-file-inclusion-vulnerability

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Ananda Dhakal

Verified

No

WPVDB ID

3db9f199-4881-46eb-a28e-252d7efb2582

Timeline

Publicly Published

2025-08-25 (about 7 months ago)

Added

2025-09-03 (about 7 months ago)

Last Updated

2025-10-27 (about 5 months ago)

Other

Published

Title

Published

2022-05-17

Title

Popup Box < 2.2 - Admin+ LFI

Published

2025-12-09

Title

Hippoo Mobile App for WooCommerce < 1.7.2 - Unauthenticated Arbitrary File Read

Published

2024-04-26

Title

BackUpWordPress < 3.14 - Admin+ Directory Traversal

Published

2026-02-14

Title

Element Pack Addons for Elementor < 8.3.18 - Authenticated (Contributor+) Arbitrary File Read

Published

2024-10-14

Title

Analyse Uploads <= 0.5 - Unauthenticated Arbitrary File Deletion