CVE-2025-60200 — PHP Remote File Inclusion in Learnpress Export Import

CWE-98 — PHP Remote File Inclusion3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 84.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thimpress Learnpress Export Import

Timeline

PublishedNov 6

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through <= 4.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5thimpress/learnpress_export_import4.1.2

🔴Vulnerability Details

CVEList

WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability↗2025-11-06

▶

GHSA

GHSA-wvr7-fv92-hggh: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export I↗2025-11-06

▶