CVE-2025-67521 | Select-Themes Select Core Plugin up to 2.6 on WordPress filename control

A vulnerability was found in Select-Themes Select Core Plugin up to 2.6 on WordPress. It has been rated as critical. This affects an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is tracked as CVE-2025-67521. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More