Eventicity
Monthly
Local File Inclusion in the ThemeRex Eventicity WordPress theme versions 1.5 and earlier allows remote unauthenticated attackers to include and execute arbitrary local files on the server. The flaw is reported by Patchstack and tagged as PHP information disclosure; no public exploit identified at time of analysis, though the unauthenticated network vector makes this a meaningful priority for affected WordPress sites. Successful exploitation can expose sensitive files such as wp-config.php and may enable code execution depending on what files can be reached.
Local File Inclusion in the ThemeRex Eventicity WordPress theme versions 1.5 and earlier allows remote unauthenticated attackers to include and execute arbitrary local files on the server. The flaw is reported by Patchstack and tagged as PHP information disclosure; no public exploit identified at time of analysis, though the unauthenticated network vector makes this a meaningful priority for affected WordPress sites. Successful exploitation can expose sensitive files such as wp-config.php and may enable code execution depending on what files can be reached.