Granola
Monthly
Unauthenticated Local File Inclusion in the ThemeREX Granola WordPress theme through version 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files via attacker-controlled path input. The flaw is reachable over the network without credentials or user interaction and can expose sensitive site files such as wp-config.php, potentially escalating to code execution if log-poisoning or session-file techniques are viable. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated Local File Inclusion in the ThemeREX Granola WordPress theme through version 1.13 allows remote attackers to coerce the PHP runtime into including arbitrary files via attacker-controlled path input. The flaw is reachable over the network without credentials or user interaction and can expose sensitive site files such as wp-config.php, potentially escalating to code execution if log-poisoning or session-file techniques are viable. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.