Especio
Monthly
Unauthenticated Local File Inclusion in the ThemeRex Especio WordPress theme (versions ≤ 1.0) allows remote attackers to coerce the PHP application into including arbitrary files from the underlying server. Because the include path is attacker-controlled and no authentication is required, the flaw can lead to disclosure of sensitive files (wp-config.php, system files) and, depending on local file primitives available on the server, escalation to code execution. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.
Unauthenticated Local File Inclusion in the ThemeRex Especio WordPress theme (versions ≤ 1.0) allows remote attackers to coerce the PHP application into including arbitrary files from the underlying server. Because the include path is attacker-controlled and no authentication is required, the flaw can lead to disclosure of sensitive files (wp-config.php, system files) and, depending on local file primitives available on the server, escalation to code execution. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.