Hitek
Monthly
Unauthenticated local file inclusion in the Xtemos Hitek WordPress theme versions prior to 1.8.3 allows remote attackers to include and execute arbitrary local files on the server via crafted requests, mapped to CWE-98 (Improper Control of Filename for Include/Require Statement in PHP). With a CVSS 3.1 score of 8.1 and high attack complexity but no authentication required, successful exploitation can lead to source code disclosure, sensitive configuration exposure, and potential remote code execution. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Unauthenticated local file inclusion in the Xtemos Hitek WordPress theme versions prior to 1.8.3 allows remote attackers to include and execute arbitrary local files on the server via crafted requests, mapped to CWE-98 (Improper Control of Filename for Include/Require Statement in PHP). With a CVSS 3.1 score of 8.1 and high attack complexity but no authentication required, successful exploitation can lead to source code disclosure, sensitive configuration exposure, and potential remote code execution. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.