CVE-2025-58803 HIGH

CVE-2025-58803: WordPress Algenix theme <= 1.0 - Local File Inclusion vulnerability

Vendor Axiomthemes
Product Algenix
Weakness CWE-98 · PHP file inclusion
Published December 18, 2025
Last update April 28, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.

Explanation of Vulnerability in Simple Terms

02Summary

Algenix versions 1.0 and earlier contain a remote code execution vulnerability accessible over the network without authentication. An attacker can execute arbitrary code on the server by exploiting improper input handling. This affects confidentiality, integrity, and availability of the site. Update to a version newer than 1.0 immediately.

What an attacker can do

03Attacker Capabilities

Run their own code on the server without logging in.

Potential impact on your site

04Site Impact

Complete compromise of the site: data theft, malware injection, and service disruption.

Conditions required to exploit

05Prerequisites

Network access to the Algenix application; no authentication required.

Key dates

06Disclosure timeline

December 18, 2025 CVE published
April 28, 2026 Record updated