Dazzle
Monthly
Unauthenticated Local File Inclusion affects the Dazzle WordPress theme (by ThemeRex) in versions up to and including 1.0.0, allowing remote attackers to read or potentially include arbitrary local files on the server. The flaw stems from improper control of filename parameters used in PHP include/require statements (CWE-98), and no public exploit has been identified at time of analysis. With a CVSS 8.1 reflecting high attack complexity but no authentication, the vulnerability is reachable by anonymous attackers but requires specific conditions to weaponize fully.
Unauthenticated Local File Inclusion affects the Dazzle WordPress theme (by ThemeRex) in versions up to and including 1.0.0, allowing remote attackers to read or potentially include arbitrary local files on the server. The flaw stems from improper control of filename parameters used in PHP include/require statements (CWE-98), and no public exploit has been identified at time of analysis. With a CVSS 8.1 reflecting high attack complexity but no authentication, the vulnerability is reachable by anonymous attackers but requires specific conditions to weaponize fully.