{"id":52169,"date":"2025-06-15T07:02:54","date_gmt":"2025-06-15T07:02:54","guid":{"rendered":""},"modified":"2025-06-21T05:01:58","modified_gmt":"2025-06-21T11:01:58","slug":"cve-2023-25999-critical-php-local-file-inclusion-vulnerability-in-bodycenter-wordpress-theme","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-25999-critical-php-local-file-inclusion-vulnerability-in-bodycenter-wordpress-theme\/","title":{"rendered":"CVE-2023-25999: Critical PHP Local File Inclusion Vulnerability in BodyCenter WordPress Theme<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability CVE-2023-25999 is a critical flaw found in the BodyCenter – Gym, Fitness WooCommerce WordPress Theme. This vulnerability is a PHP Local File Inclusion (LFI) flaw, which can lead to potential system compromise and data leakage. It affects all versions up to and including 2.4 of the BodyCenter theme. The seriousness of this vulnerability is reflected in its CVSS severity<\/a> score of 8.1, marking it as a high-risk issue.
\nThe vulnerability is particularly concerning due to the widespread use of WordPress<\/a> and WooCommerce in the fitness industry, potentially putting a multitude of gym and fitness centers at risk. In the wrong hands, this exploit could lead to the compromise of sensitive customer data<\/a>, including personal fitness plans, billing information, and personal contact details.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2023-25999
\nSeverity: High (8.1)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n