CVE-2025-69076
Published: 22 January 2026
Summary
CVE-2025-69076 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-69076 by requiring timely identification, reporting, and correction of the PHP local file inclusion flaw in the Modern Housewife WordPress theme.
Prevents exploitation of the improper filename control in PHP include/require by validating user-supplied inputs for expected content and format to block local file inclusion.
Enforces secure configuration settings for PHP and web servers, such as restricting file access paths or disabling dangerous include features, to limit the impact of file inclusion vulnerabilities.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a public-facing WordPress theme flaw (LFI via improper PHP include control) that unauthenticated remote attackers can exploit over the network, directly mapping to exploitation of public-facing applications.
NVD Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: from n/a through <= 1.0.12.
Deeper analysisAI
CVE-2025-69076 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, classified as PHP Remote File Inclusion but enabling PHP Local File Inclusion in the Modern Housewife WordPress theme developed by AncoraThemes. The flaw affects all versions of the theme from n/a through 1.0.12 and is associated with CWE-98. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
Remote attackers can exploit this vulnerability over the network without authentication or user interaction, though it requires high attack complexity. Successful exploitation allows inclusion of local files via PHP's include/require statements, potentially enabling arbitrary file reads, modifications, or execution depending on server configuration and accessible files.
The Patchstack advisory provides details on this vulnerability in the Modern Housewife WordPress theme version 1.0.12, available at https://patchstack.com/database/Wordpress/Theme/modernhousewife/vulnerability/wordpress-modern-housewife-theme-1-0-12-local-file-inclusion-vulnerability?_s_id=cve. Security practitioners should consult this reference for recommended mitigations, such as updating the theme or applying available patches.
Details
- CWE(s)