Atomlab
Monthly
Local file inclusion in the Atomlab WordPress theme versions 2.4.5 and earlier allows remote unauthenticated attackers to include arbitrary PHP files on the server, potentially leading to sensitive information disclosure and remote code execution. The flaw is tracked under CWE-98 (improper control of filename for include/require) and carries a CVSS 3.1 base score of 8.1 (high). No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Local file inclusion in the Atomlab WordPress theme versions 2.4.5 and earlier allows remote unauthenticated attackers to include arbitrary PHP files on the server, potentially leading to sensitive information disclosure and remote code execution. The flaw is tracked under CWE-98 (improper control of filename for include/require) and carries a CVSS 3.1 base score of 8.1 (high). No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.