A vulnerability was found in Ancorames Lighthouse Plugin up to 1.2.12 on WordPress. It has been classified as critical. This impacts an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is registered as CVE-2025-58902. Remote exploitation of the attack is possible. No exploit is available.