CVE-2025-58899 | AncoraThemes Frame Plugin up to 2.4.0 on WordPress filename control

December 18, 2025 Yanac

A vulnerability marked as critical has been reported in AncoraThemes Frame Plugin up to 2.4.0 on WordPress. The impacted element is an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2025-58899. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More