CVE-2025-68063
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
The Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions 4.4.3 and earlier contains a Local File Inclusion (LFI) vulnerability exploitable by contributors. This allows an attacker with contributor privileges to read sensitive files on the server.
Risk Assessment
The risk involves the possibility of reading confidential configuration files such as wp-config.php, which could lead to database credential leakage and full site compromise.
Recommendation
It is recommended to immediately update the Splash - Sport Club theme to the latest available version that fixes this vulnerability. Also, restrict contributor privileges to the minimum necessary.
Original NVD description (English source)
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.

