Deliciosa
Monthly
Unauthenticated local file inclusion in the ThemeRex Deliciosa WordPress theme (versions up to and including 1.10.0) allows remote attackers to coerce the PHP application into including arbitrary local files, potentially leading to sensitive file disclosure and code execution. The flaw is reachable without authentication but carries high attack complexity per the CVSS vector, and no public exploit identified at time of analysis. Patchstack disclosed the issue and tracks it as EUVD-2025-210199.
Unauthenticated local file inclusion in the ThemeRex Deliciosa WordPress theme (versions up to and including 1.10.0) allows remote attackers to coerce the PHP application into including arbitrary local files, potentially leading to sensitive file disclosure and code execution. The flaw is reachable without authentication but carries high attack complexity per the CVSS vector, and no public exploit identified at time of analysis. Patchstack disclosed the issue and tracks it as EUVD-2025-210199.