Grecko
Monthly
Unauthenticated local file inclusion in the ThemeRex Grecko WordPress theme versions 5.17 and earlier allows remote attackers to coerce the application into including arbitrary files from the server filesystem, potentially leading to sensitive file disclosure and PHP code execution where attacker-controlled content can be reached. The flaw is reachable without authentication over HTTP and was disclosed via Patchstack with no public exploit identified at time of analysis. CVSS is rated 8.1 with high attack complexity, indicating exploitation is feasible but not trivially automatable.
Unauthenticated local file inclusion in the ThemeRex Grecko WordPress theme versions 5.17 and earlier allows remote attackers to coerce the application into including arbitrary files from the server filesystem, potentially leading to sensitive file disclosure and PHP code execution where attacker-controlled content can be reached. The flaw is reachable without authentication over HTTP and was disclosed via Patchstack with no public exploit identified at time of analysis. CVSS is rated 8.1 with high attack complexity, indicating exploitation is feasible but not trivially automatable.