PHP Local File Inclusion in Axiomthemes Crafti Plugin

CVE-2025-58705 is a PHP Local File Inclusion (LFI) vulnerability affecting Axiomthemes Crafti through version 1.12, stemming from improper control of filenames in include/require statements (CWE-98). This vulnerability allows attackers to manipulate file paths and read arbitrary files from the server's filesystem, potentially exposing sensitive configuration files, database credentials, or source code. WordPress site administrators using vulnerable versions of Crafti are at immediate risk, as LFI vulnerabilities can serve as initial footholds for more severe attacks, including remote code execution when combined with other techniques.

While this CVE currently maps to zero Casky skills, practitioners should understand that detection of LFI attack patterns typically involves monitoring for suspicious file path traversal attempts, unusual include/require statement parameters, and filesystem access anomalies. When mapped to MITRE ATT&CK, LFI techniques align with T1083 (File and Directory Discovery) and T1057 (Process Discovery). A security team leveraging Casky's Claude AI-powered analysis would examine web application logs for patterns like encoded traversal sequences (../, ..\), null byte injections, or wrapper protocols that indicate an attacker attempting to manipulate the include/require control flow. The extended reasoning capability would correlate these indicators with WordPress plugin behavior to distinguish malicious activity from legitimate application function, enabling faster incident response and vulnerability remediation.