CVE-2025-60201 — PHP Remote File Inclusion in WP Customer Area

CWE-98 — PHP Remote File Inclusion3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 84.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aguilatechnologies WP Customer Area

Timeline

PublishedNov 6

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through <= 8.3.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5aguilatechnologies/wp_customer_area8.3.4

🔴Vulnerability Details

GHSA

GHSA-h6c4-8h46-gcfm: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Custome↗2025-11-06

▶

CVEList

WordPress WP Customer Area plugin <= 8.3.4 - Local File Inclusion vulnerability↗2025-11-06

▶