Learnify
Monthly
Unauthenticated Local File Inclusion in the Learnify WordPress theme (versions up to and including 1.15.0) allows remote attackers to read arbitrary files from the underlying server without credentials. Patchstack catalogued the issue as a PHP file inclusion flaw (CWE-98) and no public exploit was identified at time of analysis, though the WordPress theme ecosystem makes targeted scanning likely. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by high attack complexity.
Unauthenticated Local File Inclusion in the Learnify WordPress theme (versions up to and including 1.15.0) allows remote attackers to read arbitrary files from the underlying server without credentials. Patchstack catalogued the issue as a PHP file inclusion flaw (CWE-98) and no public exploit was identified at time of analysis, though the WordPress theme ecosystem makes targeted scanning likely. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by high attack complexity.