Chapterone
Monthly
Unauthenticated local file inclusion in the Mikado-Themes ChapterOne WordPress theme (versions 1.7 and earlier) allows remote attackers to coerce the PHP application into including arbitrary local files via crafted requests. Successful exploitation can disclose sensitive files such as wp-config.php and, depending on server configuration, lead to PHP code execution by including attacker-influenced content. No public exploit identified at time of analysis, but the vulnerability is publicly cataloged by Patchstack.
Unauthenticated local file inclusion in the Mikado-Themes ChapterOne WordPress theme (versions 1.7 and earlier) allows remote attackers to coerce the PHP application into including arbitrary local files via crafted requests. Successful exploitation can disclose sensitive files such as wp-config.php and, depending on server configuration, lead to PHP code execution by including attacker-influenced content. No public exploit identified at time of analysis, but the vulnerability is publicly cataloged by Patchstack.