Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2025-60198
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 4 weeks ago
WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing WordPress Theme: from n/a through <= 1.9.3.

Affected products

saxon
  • =<<= 1.9.3

Matching in nixpkgs

pkgs.saxonb_8_8

Complete and conformant processor of XSLT 2.0, XQuery 1.0, and XPath 2.0

  • nixos-unstable 8.8
    • nixpkgs-unstable 8.8
    • nixos-unstable-small 8.8
  • nixos-25.11 8.8
    • nixpkgs-25.11-darwin 8.8

pkgs.saxon_11-he

Processor for XSLT 3.0, XPath 2.0 and 3.1, and XQuery 3.1

  • nixos-unstable 11.7
    • nixpkgs-unstable 11.7
    • nixos-unstable-small 11.7
  • nixos-25.11 11.7
    • nixpkgs-25.11-darwin 11.7

pkgs.saxon_12-he

Processor for XSLT 3.0, XPath 3.1, and XQuery 3.1

  • nixos-unstable 12.8
    • nixpkgs-unstable 12.8
    • nixos-unstable-small 12.8
  • nixos-25.11 12.9
    • nixpkgs-25.11-darwin 12.9

Package maintainers