{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T16:53:08.648","vulnerabilities":[{"cve":{"id":"CVE-2025-32154","sourceIdentifier":"audit@patchstack.com","published":"2025-04-04T16:15:23.833","lastModified":"2026-04-01T17:22:01.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1."},{"lang":"es","value":"Vulnerabilidad de control incorrecto del nombre de archivo para la instrucción Include/Require en programas PHP ('Inclusión remota de archivos en PHP') en Catch Themes Catch Dark Mode permite la inclusión local de archivos en PHP. Este problema afecta al modo Catch Dark desde n/d hasta la versión 1.2.1."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:catchthemes:catch_dark_mode:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.1","matchCriteriaId":"C551BDF9-944C-4496-B54B-8C26EEE6D5D4"}]}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/catch-dark-mode/vulnerability/wordpress-catch-dark-mode-plugin-1-2-1-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]}]}}]}