Gunslinger
Monthly
Unauthenticated local file inclusion in the ThemeRex Gunslinger WordPress theme through version 1.7 allows remote attackers to coerce PHP into including arbitrary files from the server filesystem, leading to disclosure of sensitive files and potential remote code execution where attacker-influenced content can be staged. No public exploit identified at time of analysis, but the flaw is reachable without authentication and affects all installations running version 1.7 or earlier of the theme.
Unauthenticated local file inclusion in the ThemeRex Gunslinger WordPress theme through version 1.7 allows remote attackers to coerce PHP into including arbitrary files from the server filesystem, leading to disclosure of sensitive files and potential remote code execution where attacker-influenced content can be staged. No public exploit identified at time of analysis, but the flaw is reachable without authentication and affects all installations running version 1.7 or earlier of the theme.