CVE-2025-60072 in Anchor smooth scroll Plugin

Summary

by MITRE • 12/18/2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion. This issue affects Anchor smooth scroll: from n/a through <= 1.0.2.


Analysis

by VulDB Data Team • 12/18/2025

CVE-2025-60072 is a critical file-inclusion flaw in the Anchor smooth scroll plugin, affecting version 1.0.2 and earlier. The root cause is improper control of the filename used in an include/require statement: user-supplied input reaches PHP's include or require without adequate validation or sanitization, so a request can steer which file the interpreter loads and executes. This breaks the basic rule that untrusted input must never select the code to be run. File-inclusion bugs of this kind are especially dangerous because they let an attacker load and execute arbitrary PHP files, in the worst case from remote locations, and can end in complete compromise of the host.

Technically, the vulnerability lies in the plugin passing user-controlled input straight into include or require without sanitization or validation. When an attacker can influence the parameters that build the inclusion path, they can redirect execution to load a file of their choosing, including files hosted on external servers. The weakness is classified under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program), whose CWE title is 'PHP Remote File Inclusion'; the CVE record describes the reachable outcome here as a classic PHP Local File Inclusion (LFI). The impact is amplified because anchor-smooth-scroll provides smooth-scrolling functionality that is widely deployed on WordPress sites, so exposed instances are plentiful and the plugin is a common target.

The operational impact of CVE-2025-60072 goes beyond code execution to full system compromise and data breach. An attacker can use the flaw to plant backdoors, exfiltrate sensitive data, alter website content, or establish persistent access to the compromised system. Exploitation typically maps to ATT&CK technique T1505.003, a sub-technique of T1505 (Server Software Component), in which a vulnerable web application is abused for initial access and persistence. The affected versions pose a significant risk to WordPress sites because the plugin's functionality requires it to process user input, and that input can be manipulated to achieve code inclusion. The flaw falls under OWASP Top 10 2021 category A03:2021-Injection: improper handling of user input leading to unauthorized code execution.

Mitigation for CVE-2025-60072 must start with patching: upgrade to version 1.0.3 or later, where the vulnerability has been addressed. At the code level, any user-supplied value that ends up in an include or require statement must be validated against a strict whitelist of permitted values, not merely filtered. A web application firewall adds defense in depth at the network layer but is no substitute for the code-level fix. The remediation aligns with the access-control and input-validation control families in NIST SP 800-53. Because this is a common class of flaw across PHP applications, organizations should assess their other plugins and custom code for the same pattern, and keep vulnerability scanning and security monitoring in place to detect exploitation attempts and newly disclosed variants.
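As an added illustration (not code from the Anchor smooth scroll plugin or from VulDB), the include pattern the analysis describes beside a whitelisted version; the parameter name `template`, the `templates/` directory and the template names are assumptions:

```php
<?php
// Hypothetical illustration of CWE-98; none of these names come from the plugin.

// --- Vulnerable shape: a request-controlled value reaches include() unchecked,
//     so the caller decides which file the PHP interpreter loads and runs.
function render_vulnerable(string $name): void
{
    include __DIR__ . '/templates/' . $name . '.php';
}

// --- Hardened shape: exact-match whitelist, then path containment check.
const ALLOWED_TEMPLATES = ['default', 'minimal'];   // assumed template set

function resolve_template(string $name): ?string
{
    // 1. Only known identifiers are acceptable; anything else is rejected outright.
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        return null;
    }
    // 2. Defence in depth: confirm the resolved file still lives under templates/,
    //    so a careless future edit of the whitelist cannot reintroduce traversal.
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . $name . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_hardened(string $name): void
{
    $path = resolve_template($name);
    if ($path === null) {
        http_response_code(400);
        echo 'Unknown template';
        return;
    }
    include $path;
}

// Entry point: the parameter name is an assumption for the example.
$requested = isset($_GET['template']) ? (string) $_GET['template'] : 'default';
render_hardened($requested);
```

The fix is the whitelist comparison, not the appended `.php` suffix or the `realpath()` check, which only back it up.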

Responsible

Patchstack

Reservation

09/25/2025

Disclosure

12/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00110

KEV

no

Activities

very low
