LFI
ThemeREX Aqualots through version 1.1.6 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to traverse directories and access sensitive data. No patch is currently available for this issue.
Improper input validation in ThemeREX Filmax versions up to 1.1.11 allows unauthenticated attackers to include and execute arbitrary local files through PHP include/require statements, potentially leading to remote code execution. An attacker can exploit this vulnerability over the network without user interaction to read sensitive files or execute malicious code with the privileges of the web server. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Run Gran up to version 2.0 allows unauthenticated attackers to read arbitrary files from the affected system through improper handling of file include/require statements in PHP. With a CVSS score of 8.1, this vulnerability enables confidentiality and integrity compromise, though currently no patch is available.
ThemeREX Mahogany through version 2.9 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file inclusion parameters, enabling attackers to traverse the filesystem and access sensitive data. No patch is currently available for this vulnerability.
ThemeREX Bazinga version 1.1.9 and earlier contains a local file inclusion vulnerability in its PHP include/require statement handling that could allow an attacker to read sensitive files on affected systems. The vulnerability has a high CVSS score of 8.1 and impacts confidentiality, integrity, and availability, though no patch is currently available.
ThemeREX Windsor through version 2.5.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames used in PHP include/require statements, enabling attackers to access sensitive system files and application data. No patch is currently available for this high-severity issue.
PHP Local File Inclusion in axiomthemes Conquerors through version 1.2.13 enables attackers to read arbitrary files on affected systems through improper validation of file include/require statements. The vulnerability requires network access but no authentication or user interaction, allowing unauthorized information disclosure and potential code execution. No patch is currently available for this issue.
ThemeREX Vapester versions 1.1.10 and earlier contain a local file inclusion vulnerability in their PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper input validation on filename parameters, enabling attackers to traverse the filesystem and access sensitive configuration files or source code. Currently, no patch is available for this vulnerability.
ThemeREX Le Truffe versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this vulnerability.
ThemeREX Rhythmo versions 1.3.4 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive information without authentication or user interaction. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
Local file inclusion in ThemeREX Bassein through version 1.0.15 enables unauthenticated attackers to read arbitrary files on affected servers via improper input validation in file inclusion functions. The vulnerability allows attackers with network access to disclose sensitive configuration files, credentials, and source code without authentication. No patch is currently available, leaving affected installations at risk until an update is released.
Local file inclusion in ThemeREX Legrand through version 2.17 allows unauthenticated attackers to read arbitrary files on the server due to improper validation of include/require statements in PHP. An attacker can exploit this vulnerability over the network without user interaction to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX Eject plugin versions 2.17 and earlier for PHP contain a local file inclusion vulnerability that allows attackers to read arbitrary files on the server through improper handling of file include statements. An unauthenticated remote attacker can exploit this over the network to access sensitive files or potentially achieve code execution depending on server configuration. No patch is currently available for this vulnerability.
ThemeREX Edge Decor plugin versions 2.2 and earlier contain a local file inclusion vulnerability in PHP that enables attackers to read sensitive files from the affected server without authentication. The improper handling of file inclusion parameters allows remote adversaries to access arbitrary local files, potentially exposing configuration data, credentials, or other sensitive information. No patch is currently available for this vulnerability.
ThemeREX Asia Garden plugin version 1.3.1 and earlier for PHP contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to access sensitive configuration files and other restricted data. No patch is currently available for this high-severity issue affecting websites using vulnerable versions of the plugin.
ThemeREX Happy Baby WordPress theme through version 1.2.12 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the server. The improper validation of filenames in include/require statements allows an attacker with network access to exploit this weakness without user interaction. Currently no patch is available, though the vulnerability has a relatively low exploitation probability of 0.2%.
ThemeREX Tiger Claw plugin through version 1.1.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated remote attackers to read arbitrary files from the server. The weak filename validation allows attackers to manipulate include/require statements to access sensitive data such as configuration files containing database credentials or private keys. No patch is currently available, and exploitation requires moderate attack complexity but poses high risk to confidentiality and integrity of affected systems.
Local file inclusion in ThemeREX S.King through version 1.5.3 enables unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements in PHP. This high-severity vulnerability (CVSS 8.1) allows disclosure of sensitive information and potential code execution, with no patch currently available.
ThemeREX Dermatology Clinic plugin for PHP versions up to 1.4.3 contains a local file inclusion vulnerability in its filename handling logic that allows unauthenticated attackers to read sensitive files from the server. An attacker can exploit this vulnerability over the network without user interaction to access arbitrary files and potentially execute code on affected systems. No patch is currently available, and exploitation attempts have a low probability of success due to high attack complexity.
ThemeREX Dixon versions up to 1.4.2.1 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this weakness to access sensitive information and potentially execute arbitrary code by manipulating file inclusion parameters. No patch is currently available for this vulnerability.
ThemeREX Mandala through version 2.8 contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit improper filename validation in include/require statements to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX MCKinney's Politics plugin versions up to 1.2.8 contain a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on affected servers. The flaw stems from improper validation of file paths in PHP include/require statements, enabling attackers to access sensitive configuration files and potentially execute code. No patch is currently available for this vulnerability.
ThemeREX M.Williamson versions 1.2.11 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive system files. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Legal Stone PHP plugin through version 1.2.11 enables attackers to read sensitive files from the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing an attacker to traverse directories and access arbitrary files on the system. With a CVSS score of 8.1 and no patch currently available, affected installations face high risk of information disclosure.
Local file inclusion in ThemeREX Miller through version 1.3.3 allows unauthenticated attackers to read arbitrary files on affected systems through improper handling of file inclusion parameters. The vulnerability enables attackers to access sensitive configuration files and potentially execute code by including PHP files containing malicious payloads. No patch is currently available.
Local file inclusion in ThemeREX Peter Mason PHP theme versions 1.4.5 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation on include/require statements. The vulnerability has a high CVSS score of 8.1 and could allow attackers to access sensitive configuration files or source code, though no patch is currently available.
ThemeREX Yacht Rental plugin version 2.6 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit improper input validation in the include/require mechanism to access sensitive files by manipulating filename parameters. No patch is currently available for this vulnerability.
ThemeREX Beacon through version 2.24 contains a local file inclusion vulnerability that enables attackers to read arbitrary files from the affected server through improper handling of include/require statements. An unauthenticated remote attacker can exploit this vulnerability to access sensitive files and potentially achieve code execution. No patch is currently available for this vulnerability.
ThemeREX Police Department plugin version 2.17 and earlier for PHP contains a local file inclusion vulnerability that permits unauthenticated attackers to read arbitrary files on the server through improper input validation on include/require statements. An attacker can exploit this to access sensitive configuration files, credentials, or other confidential data stored on the affected web server.
Improper file inclusion handling in magentech FlashMart version 2.0.15 and earlier enables local file inclusion attacks on PHP-based installations. An unauthenticated attacker with network access can exploit this vulnerability to read arbitrary files or potentially execute code on affected systems. No patch is currently available, though exploitation requires specific conditions (high attack complexity).
Local and remote file inclusion in Magento Victo through version 1.4.16 enables attackers to execute arbitrary code or access sensitive files on affected systems. The vulnerability stems from improper input validation in file inclusion mechanisms, allowing unauthenticated attackers to manipulate file paths over the network. With no patch currently available, organizations running vulnerable versions face significant risk of compromise.
ThemeREX Law Office plugin for PHP through version 3.3.0 is vulnerable to local file inclusion via improper handling of file include/require statements, enabling attackers to read arbitrary files on the affected server. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive data without user interaction. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX N7 Golf Club Sports & Events plugin through version 2.16.0 allows unauthenticated remote attackers to read arbitrary files on affected WordPress installations. The vulnerability stems from improper validation of file inclusion parameters, enabling an attacker to access sensitive configuration files and potentially extract credentials or database information. No patch is currently available.
The ThemeREX Healer WordPress theme through version 1.0.0 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server through improper handling of file include statements. An attacker can exploit this to access sensitive configuration files, database credentials, and other protected data without authentication. No patch is currently available and exploitation requires no user interaction.
AncoraThemes Grit theme versions up to 1.0.1 contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on affected servers. The flaw stems from improper input validation on file include/require statements, enabling attackers to manipulate file paths and access sensitive system data. No patch is currently available for this vulnerability.
wpDataTables through version 6.5.0.1 contains a local file inclusion vulnerability in its file handling mechanism that allows authenticated attackers to read sensitive files from the server. An attacker with login credentials can exploit this weakness to access arbitrary files on the system, potentially exposing configuration files, credentials, or other confidential data. No patch is currently available for this vulnerability.
ThemeREX Printy version 1.8 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to bypass directory restrictions and access sensitive system files. No patch is currently available for this vulnerability.
ThemeREX Progress versions through 1.2 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the server without authentication. The improper handling of file paths in include/require statements allows remote attackers to access sensitive system files and potentially execute code through crafted requests. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
ThemeREX Edifice through version 1.8 contains a local file inclusion vulnerability in PHP that enables unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of file paths in include/require statements, allowing attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity issue.
Local file inclusion in ThemeREX Tuning plugin version 1.3 and earlier for PHP allows unauthenticated remote attackers to read arbitrary files on affected servers through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high complexity) but carries high impact potential including information disclosure and potential code execution. No patch is currently available for this vulnerability.
ThemeREX Invetex version 2.18 and earlier contains a local file inclusion vulnerability in its PHP include/require handling that permits attackers to read arbitrary files on the affected server without authentication. The flaw stems from improper filename validation and could enable attackers to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.
ThemeREX Bonbon through version 1.6 contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit improper handling of file inclusion statements to access sensitive system files or application data. No patch is currently available for this vulnerability.
ThemeREX EmojiNation plugin versions 1.0.12 and earlier contain a local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on the server by manipulating include/require statements in PHP. The vulnerability has a high attack complexity but could enable full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available, making this a significant risk for affected installations.
Local file inclusion in ThemeREX MoneyFlow version 1.0 and earlier enables unauthenticated remote attackers to read arbitrary files on the server through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high complexity) but could lead to full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for this vulnerability.
ThemeREX Kayon through version 1.3 contains a local file inclusion vulnerability in its PHP code that enables attackers to read arbitrary files on the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing remote exploitation with high impact on confidentiality and integrity. No patch is currently available for this vulnerability.
ThemeREX Motorix versions 1.6 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this issue.
ThemeREX Stargaze versions 1.5 and earlier contain a PHP local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on affected servers. The vulnerability stems from improper validation of file inclusion parameters in PHP programs, enabling attackers to manipulate include/require statements to access sensitive data. No patch is currently available for this high-severity flaw.
Axiomthemes Helion through version 1.1.12 contains a local file inclusion vulnerability in its PHP program that allows attackers to include arbitrary files via improper filename control. An unauthenticated remote attacker can exploit this to read sensitive files or achieve code execution with high confidence. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Nuts plugin version 1.10 and earlier allows unauthenticated remote attackers to read arbitrary files from affected servers through improper validation of include/require statements. The vulnerability requires specific conditions to exploit but could lead to information disclosure or potential code execution depending on accessible files. No patch is currently available, and exploitation requires moderately complex attack conditions.
Local file inclusion in ThemeREX Foodie plugin version 1.14 and earlier for PHP allows unauthenticated remote attackers to read arbitrary files on the server through improper input validation in file inclusion functions. The vulnerability requires specific conditions to exploit (high attack complexity) but provides complete compromise potential including confidentiality, integrity, and availability impacts. No patch is currently available.
Improper file inclusion validation in ThemeREX Craftis through version 1.2.8 enables attackers to read arbitrary files from the server via crafted include/require statements. This network-accessible vulnerability requires no authentication or user interaction and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.
ThemeREX Chroma versions up to 1.11 contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server through improper handling of file include statements. While no patch is currently available, the low EPSS score suggests limited practical exploitability despite the high CVSS rating.
ThemeREX Manoir version 1.11 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements. An attacker can exploit this to disclose sensitive configuration files, source code, or other sensitive data accessible to the web server process. No patch is currently available, though the exploit difficulty is elevated and public exploitation is not yet widespread (EPSS 0.2%).
ThemeREX Global Logistics versions 3.20 and earlier are vulnerable to local file inclusion through improper handling of file paths in PHP include/require statements, enabling attackers to read arbitrary files from the affected system. The vulnerability requires network access but no authentication, and an attacker could leverage this to access sensitive configuration files or application source code. No patch is currently available for this issue.
ThemeREX Green Thumb plugin version 1.1.12 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of filenames used in include/require statements, enabling file disclosure without authentication. No patch is currently available for this vulnerability.
Improper file inclusion handling in ThemeREX Luxury Wine plugin version 1.1.14 and earlier enables attackers to read arbitrary files on affected servers through local file inclusion attacks. The vulnerability requires network access but no authentication, allowing extraction of sensitive configuration data and source code. No patch is currently available for this high-severity issue affecting PHP-based WordPress installations.
ThemeREX ShiftCV versions up to 3.0.14 are vulnerable to local file inclusion through improper input validation in PHP include/require statements, allowing attackers to read arbitrary files on the affected server. With a CVSS score of 8.1, this vulnerability enables high-impact attacks including information disclosure and potential code execution, though exploitation requires specific conditions. No patch is currently available for affected installations.
ThemeREX Translogic through version 1.2.11 contains a local file inclusion vulnerability in PHP that enables attackers to read and potentially execute arbitrary files on affected systems without authentication. The improper handling of file include/require statements allows an attacker to manipulate filename inputs and access sensitive server files. No patch is currently available, and exploitation requires specific conditions (network accessible, no user interaction required).
Improper file inclusion handling in ThemeREX Kratz plugin versions 1.0.12 and earlier enables attackers to read arbitrary files from affected systems through a local file inclusion vulnerability. An unauthenticated attacker can exploit this over the network to access sensitive configuration files and other protected data without authentication. No patch is currently available for this high-severity vulnerability affecting PHP-based installations.
ThemeREX Gridiron through version 1.0.14 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server by manipulating include/require statements. The vulnerability requires specific conditions to be met (AC:H) but could lead to full system compromise including confidentiality and integrity breaches. No patch is currently available, and exploitation remains unlikely in the near term based on current threat metrics.
ThemeREX Yottis plugin version 1.0.10 and earlier contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files on the server through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high attack complexity) but could lead to complete system compromise including confidential data exposure and code execution. No patch is currently available for affected installations.
ThemeREX Scientia plugin versions 1.2.4 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. With no patch currently available, affected PHP installations running vulnerable versions of Scientia are at immediate risk.
ThemeREX DroneX versions up to 1.1.12 contain a PHP local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability stems from improper validation of file paths in include/require statements, potentially enabling information disclosure or further system compromise. No patch is currently available for this issue.
ThemeREX Coinpress through version 1.0.14 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated attackers to read arbitrary files from the affected server. The vulnerability has a high severity rating (CVSS 8.1) and currently lacks a security patch. Attackers can leverage this flaw to access sensitive configuration files, credentials, and other protected data accessible to the web server process.
ThemeREX Yungen plugin versions 1.0.12 and earlier contain a local file inclusion vulnerability in PHP file handling that allows attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this weakness to access sensitive information or potentially execute code by manipulating filename parameters in include/require statements. No patch is currently available for this vulnerability.
ThemeREX Vixus through version 1.0.16 contains a local file inclusion vulnerability in its PHP include/require handling that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this by crafting malicious requests to access sensitive files and potentially execute arbitrary code. No patch is currently available, and exploitation requires specific conditions that increase the attack complexity.
ThemeREX Maxify through version 1.0.16 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access sensitive data. Currently no patch is available to remediate this issue.
ThemeREX Lingvico through version 1.0.14 contains a local file inclusion vulnerability in its PHP file handling that enables attackers to read arbitrary files on the affected system. The vulnerability requires network access but no authentication or user interaction, allowing an attacker to potentially disclose sensitive server information. No patch is currently available for this issue.
ThemeREX Justitia through version 1.1.0 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on the server through improper control of file inclusion statements. This vulnerability has a CVSS score of 8.1, indicating high severity with potential for both information disclosure and system compromise. No patch is currently available, leaving affected installations vulnerable to exploitation.
ThemeREX Tediss versions 1.2.4 and earlier contain a local file inclusion vulnerability in their PHP include/require functionality, allowing unauthenticated attackers to read arbitrary files from the server. The vulnerability requires specific conditions to exploit (high complexity) but carries high impact including potential information disclosure and code execution. No patch is currently available for affected installations.
Local file inclusion in ThemeREX Aldo through version 1.0.10 enables unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. The vulnerability allows remote attackers to access sensitive system files and potentially execute code with no authentication required. No patch is currently available for this high-severity flaw.
ThemeREX Meals & Wheels plugin version 1.1.12 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. An attacker can exploit this vulnerability to access sensitive configuration files, source code, or other protected content without authentication. No patch is currently available, and exploitation difficulty is moderate with a CVSS score of 8.1 indicating high impact on confidentiality, integrity, and availability.
ThemeREX Avventure versions 1.1.12 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access sensitive information. No patch is currently available for affected installations.
ThemeREX ConFix version 1.013 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive configuration files or source code. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
ThemeREX Quanzo version 1.0.10 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files through improper handling of include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality and integrity compromise, though exploitation requires specific conditions. No patch is currently available for affected installations.
ThemeREX Equadio versions 1.1.3 and earlier contain a local file inclusion vulnerability in their PHP implementation that allows attackers to manipulate filename parameters in include/require statements to read arbitrary files from the system. An attacker with network access can exploit this vulnerability to disclose sensitive information such as configuration files or source code. No patch is currently available for this issue.
ThemeREX The Qlean WordPress theme through version 2.12 contains a local file inclusion vulnerability in its PHP file handling that enables attackers to read arbitrary files from the server. The vulnerability requires no authentication and can be exploited remotely to access sensitive configuration files and source code. While no patch is currently available, the relatively low EPSS score suggests limited real-world exploitation at this time.
ThemeREX OsTende versions up to 1.4.3 contain a local file inclusion vulnerability in their PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to access sensitive configuration files and application data. No patch is currently available for this issue.
Local file inclusion in ThemeREX Humanum through version 1.1.4 enables attackers to read arbitrary files on the server by exploiting improper input validation in file inclusion mechanisms. The vulnerability requires network access but no authentication or user interaction, allowing complete compromise of confidentiality and integrity with high impact. No patch is currently available.
RadiusTheme Metro versions 2.13 and earlier are susceptible to local file inclusion through improper input validation in PHP include/require statements, enabling attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive information or potentially execute arbitrary code. No patch is currently available for this vulnerability.
PHP Local File Inclusion in Aora through version 1.3.15 enables unauthenticated remote attackers to read arbitrary files on affected systems through improper validation of file inclusion parameters. The vulnerability carries a CVSS score of 8.1 with high impact across confidentiality, integrity, and availability, though no patch is currently available.
Mikado-Themes TopFit - Fitness and Gym WordPress Theme (topfit) is affected by PHP remote file inclusion (CVSS 8.1).
Mikado-Themes TopScorer - Sports WordPress Theme (topscorer) is affected by PHP remote file inclusion (CVSS 8.1).
The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme through version 1.3.1 contains a PHP local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. This CWE-98 weakness in improper filename control could enable attackers to access sensitive configuration files or other protected data. No patch is currently available for affected installations.
The Buzz Stone WordPress theme through version 1.0.2 contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files on the affected server. With network access and no user interaction required, an attacker can leverage improper input validation in file inclusion functions to access sensitive data or potentially execute code. No patch is currently available for this vulnerability affecting WordPress installations using the vulnerable theme versions.
The Chronicle WordPress theme version 1.0 and earlier contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit this weakness to access sensitive configuration files, database credentials, or other confidential data stored on the web server. Currently, no patch is available and the vulnerability has a 0.2% probability of exploitation according to EPSS scoring.
The Consultor WordPress theme through version 1.2.4 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit this weakness to access sensitive configuration files, database credentials, and other confidential data. Currently no patch is available, leaving all affected installations vulnerable.
The Ekoterra WordPress theme through version 1.0.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. This high-severity flaw (CVSS 8.1) stems from improper validation of file paths in include/require statements, enabling attackers to access sensitive configuration files and other protected data. No patch is currently available for affected installations.
PHP Local File Inclusion in dan_fisher Alchemists versions through 4.6.0 allows unauthenticated remote attackers to read arbitrary files on affected servers through improper handling of file inclusion statements. The vulnerability requires specific network conditions to exploit but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
The AC Services WordPress theme through version 1.2.5 contains a local file inclusion vulnerability in PHP that enables unauthenticated remote attackers to read arbitrary files on affected servers. This high-severity flaw allows attackers to access sensitive configuration files and potentially extract credentials or other confidential data. WordPress installations using this theme should upgrade immediately as no patch is currently available.
ThemeREX Windsor through version 2.5.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames used in PHP include/require statements, enabling attackers to access sensitive system files and application data. No patch is currently available for this high-severity issue.
PHP Local File Inclusion in axiomthemes Conquerors through version 1.2.13 enables attackers to read arbitrary files on affected systems through improper validation of file include/require statements. The vulnerability requires network access but no authentication or user interaction, allowing unauthorized information disclosure and potential code execution. No patch is currently available for this issue.
ThemeREX Vapester versions 1.1.10 and earlier contain a local file inclusion vulnerability in their PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper input validation on filename parameters, enabling attackers to traverse the filesystem and access sensitive configuration files or source code. Currently, no patch is available for this vulnerability.
ThemeREX Le Truffe versions 1.1.7 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this vulnerability.
ThemeREX Rhythmo versions 1.3.4 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The flaw stems from improper validation of include/require statements, enabling attackers to access sensitive information without authentication or user interaction. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
Local file inclusion in ThemeREX Bassein through version 1.0.15 enables unauthenticated attackers to read arbitrary files on affected servers via improper input validation in file inclusion functions. The vulnerability allows attackers with network access to disclose sensitive configuration files, credentials, and source code without authentication. No patch is currently available, leaving affected installations at risk until an update is released.
Local file inclusion in ThemeREX Legrand through version 2.17 allows unauthenticated attackers to read arbitrary files on the server due to improper validation of include/require statements in PHP. An attacker can exploit this vulnerability over the network without user interaction to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX Eject plugin versions 2.17 and earlier for PHP contain a local file inclusion vulnerability that allows attackers to read arbitrary files on the server through improper handling of file include statements. An unauthenticated remote attacker can exploit this over the network to access sensitive files or potentially achieve code execution depending on server configuration. No patch is currently available for this vulnerability.
ThemeREX Edge Decor plugin versions 2.2 and earlier contain a local file inclusion vulnerability in PHP that enables attackers to read sensitive files from the affected server without authentication. The improper handling of file inclusion parameters allows remote adversaries to access arbitrary local files, potentially exposing configuration data, credentials, or other sensitive information. No patch is currently available for this vulnerability.
ThemeREX Asia Garden plugin version 1.3.1 and earlier for PHP contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to access sensitive configuration files and other restricted data. No patch is currently available for this high-severity issue affecting websites using vulnerable versions of the plugin.
ThemeREX Happy Baby WordPress theme through version 1.2.12 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated attackers to read arbitrary files from the server. The improper validation of filenames in include/require statements allows an attacker with network access to exploit this weakness without user interaction. Currently no patch is available, though the vulnerability has a relatively low exploitation probability of 0.2%.
ThemeREX Tiger Claw plugin through version 1.1.14 contains a local file inclusion vulnerability in its PHP file handling that enables unauthenticated remote attackers to read arbitrary files from the server. The weak filename validation allows attackers to manipulate include/require statements to access sensitive data such as configuration files containing database credentials or private keys. No patch is currently available, and exploitation requires moderate attack complexity but poses high risk to confidentiality and integrity of affected systems.
Local file inclusion in ThemeREX S.King through version 1.5.3 enables unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements in PHP. This high-severity vulnerability (CVSS 8.1) allows disclosure of sensitive information and potential code execution, with no patch currently available.
ThemeREX Dermatology Clinic plugin for PHP versions up to 1.4.3 contains a local file inclusion vulnerability in its filename handling logic that allows unauthenticated attackers to read sensitive files from the server. An attacker can exploit this vulnerability over the network without user interaction to access arbitrary files and potentially execute code on affected systems. No patch is currently available, and exploitation attempts have a low probability of success due to high attack complexity.
ThemeREX Dixon versions up to 1.4.2.1 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this weakness to access sensitive information and potentially execute arbitrary code by manipulating file inclusion parameters. No patch is currently available for this vulnerability.
ThemeREX Mandala through version 2.8 contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit improper filename validation in include/require statements to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.
ThemeREX MCKinney's Politics plugin versions up to 1.2.8 contain a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on affected servers. The flaw stems from improper validation of file paths in PHP include/require statements, enabling attackers to access sensitive configuration files and potentially execute code. No patch is currently available for this vulnerability.
ThemeREX M.Williamson versions 1.2.11 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive system files. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Legal Stone PHP plugin through version 1.2.11 enables attackers to read sensitive files from the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing an attacker to traverse directories and access arbitrary files on the system. With a CVSS score of 8.1 and no patch currently available, affected installations face high risk of information disclosure.
Local file inclusion in ThemeREX Miller through version 1.3.3 allows unauthenticated attackers to read arbitrary files on affected systems through improper handling of file inclusion parameters. The vulnerability enables attackers to access sensitive configuration files and potentially execute code by including PHP files containing malicious payloads. No patch is currently available.
Local file inclusion in ThemeREX Peter Mason PHP theme versions 1.4.5 and earlier enables unauthenticated attackers to read arbitrary files from the server through improper input validation on include/require statements. The vulnerability has a high CVSS score of 8.1 and could allow attackers to access sensitive configuration files or source code, though no patch is currently available.
ThemeREX Yacht Rental plugin version 2.6 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit improper input validation in the include/require mechanism to access sensitive files by manipulating filename parameters. No patch is currently available for this vulnerability.
ThemeREX Beacon through version 2.24 contains a local file inclusion vulnerability that enables attackers to read arbitrary files from the affected server through improper handling of include/require statements. An unauthenticated remote attacker can exploit this vulnerability to access sensitive files and potentially achieve code execution. No patch is currently available for this vulnerability.
ThemeREX Police Department plugin version 2.17 and earlier for PHP contains a local file inclusion vulnerability that permits unauthenticated attackers to read arbitrary files on the server through improper input validation on include/require statements. An attacker can exploit this to access sensitive configuration files, credentials, or other confidential data stored on the affected web server.
Improper file inclusion handling in magentech FlashMart version 2.0.15 and earlier enables local file inclusion attacks on PHP-based installations. An unauthenticated attacker with network access can exploit this vulnerability to read arbitrary files or potentially execute code on affected systems. No patch is currently available, though exploitation requires specific conditions (high attack complexity).
Local and remote file inclusion in Magento Victo through version 1.4.16 enables attackers to execute arbitrary code or access sensitive files on affected systems. The vulnerability stems from improper input validation in file inclusion mechanisms, allowing unauthenticated attackers to manipulate file paths over the network. With no patch currently available, organizations running vulnerable versions face significant risk of compromise.
ThemeREX Law Office plugin for PHP through version 3.3.0 is vulnerable to local file inclusion via improper handling of file include/require statements, enabling attackers to read arbitrary files on the affected server. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive data without user interaction. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX N7 Golf Club Sports & Events plugin through version 2.16.0 allows unauthenticated remote attackers to read arbitrary files on affected WordPress installations. The vulnerability stems from improper validation of file inclusion parameters, enabling an attacker to access sensitive configuration files and potentially extract credentials or database information. No patch is currently available.
The ThemeREX Healer WordPress theme through version 1.0.0 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server through improper handling of file include statements. An attacker can exploit this to access sensitive configuration files, database credentials, and other protected data without authentication. No patch is currently available and exploitation requires no user interaction.
AncoraThemes Grit theme versions up to 1.0.1 contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on affected servers. The flaw stems from improper input validation on file include/require statements, enabling attackers to manipulate file paths and access sensitive system data. No patch is currently available for this vulnerability.
wpDataTables through version 6.5.0.1 contains a local file inclusion vulnerability in its file handling mechanism that allows authenticated attackers to read sensitive files from the server. An attacker with login credentials can exploit this weakness to access arbitrary files on the system, potentially exposing configuration files, credentials, or other confidential data. No patch is currently available for this vulnerability.
ThemeREX Printy version 1.8 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to bypass directory restrictions and access sensitive system files. No patch is currently available for this vulnerability.
ThemeREX Progress versions through 1.2 contain a local file inclusion vulnerability in PHP that enables attackers to read arbitrary files from the server without authentication. The improper handling of file paths in include/require statements allows remote attackers to access sensitive system files and potentially execute code through crafted requests. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
ThemeREX Edifice through version 1.8 contains a local file inclusion vulnerability in PHP that enables unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of file paths in include/require statements, allowing attackers to traverse the filesystem and access sensitive data. No patch is currently available for this high-severity issue.
Local file inclusion in ThemeREX Tuning plugin version 1.3 and earlier for PHP allows unauthenticated remote attackers to read arbitrary files on affected servers through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high complexity) but carries high impact potential including information disclosure and potential code execution. No patch is currently available for this vulnerability.
ThemeREX Invetex version 2.18 and earlier contains a local file inclusion vulnerability in its PHP include/require handling that permits attackers to read arbitrary files on the affected server without authentication. The flaw stems from improper filename validation and could enable attackers to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.
ThemeREX Bonbon through version 1.6 contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit improper handling of file inclusion statements to access sensitive system files or application data. No patch is currently available for this vulnerability.
ThemeREX EmojiNation plugin versions 1.0.12 and earlier contain a local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on the server by manipulating include/require statements in PHP. The vulnerability has a high attack complexity but could enable full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available, making this a significant risk for affected installations.
Local file inclusion in ThemeREX MoneyFlow version 1.0 and earlier enables unauthenticated remote attackers to read arbitrary files on the server through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high complexity) but could lead to full system compromise including confidentiality, integrity, and availability impacts. No patch is currently available for this vulnerability.
ThemeREX Kayon through version 1.3 contains a local file inclusion vulnerability in its PHP code that enables attackers to read arbitrary files on the affected server without authentication. The vulnerability stems from improper validation of file paths in include/require statements, allowing remote exploitation with high impact on confidentiality and integrity. No patch is currently available for this vulnerability.
ThemeREX Motorix versions 1.6 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive data without authentication. No patch is currently available for this issue.
ThemeREX Stargaze versions 1.5 and earlier contain a PHP local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on affected servers. The vulnerability stems from improper validation of file inclusion parameters in PHP programs, enabling attackers to manipulate include/require statements to access sensitive data. No patch is currently available for this high-severity flaw.
Axiomthemes Helion through version 1.1.12 contains a local file inclusion vulnerability in its PHP program that allows attackers to include arbitrary files via improper filename control. An unauthenticated remote attacker can exploit this to read sensitive files or achieve code execution with high confidence. No patch is currently available for this vulnerability.
Local file inclusion in ThemeREX Nuts plugin version 1.10 and earlier allows unauthenticated remote attackers to read arbitrary files from affected servers through improper validation of include/require statements. The vulnerability requires specific conditions to exploit but could lead to information disclosure or potential code execution depending on accessible files. No patch is currently available, and exploitation requires moderately complex attack conditions.
Local file inclusion in ThemeREX Foodie plugin version 1.14 and earlier for PHP allows unauthenticated remote attackers to read arbitrary files on the server through improper input validation in file inclusion functions. The vulnerability requires specific conditions to exploit (high attack complexity) but provides complete compromise potential including confidentiality, integrity, and availability impacts. No patch is currently available.
Improper file inclusion validation in ThemeREX Craftis through version 1.2.8 enables attackers to read arbitrary files from the server via crafted include/require statements. This network-accessible vulnerability requires no authentication or user interaction and allows complete compromise of confidentiality, integrity, and availability. No patch is currently available.
ThemeREX Chroma versions up to 1.11 contain a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server through improper handling of file include statements. While no patch is currently available, the low EPSS score suggests limited practical exploitability despite the high CVSS rating.
ThemeREX Manoir version 1.11 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server through improper handling of include/require statements. An attacker can exploit this to disclose sensitive configuration files, source code, or other sensitive data accessible to the web server process. No patch is currently available, though the exploit difficulty is elevated and public exploitation is not yet widespread (EPSS 0.2%).
ThemeREX Global Logistics versions 3.20 and earlier are vulnerable to local file inclusion through improper handling of file paths in PHP include/require statements, enabling attackers to read arbitrary files from the affected system. The vulnerability requires network access but no authentication, and an attacker could leverage this to access sensitive configuration files or application source code. No patch is currently available for this issue.
ThemeREX Green Thumb plugin version 1.1.12 and earlier contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of filenames used in include/require statements, enabling file disclosure without authentication. No patch is currently available for this vulnerability.
Improper file inclusion handling in ThemeREX Luxury Wine plugin version 1.1.14 and earlier enables attackers to read arbitrary files on affected servers through local file inclusion attacks. The vulnerability requires network access but no authentication, allowing extraction of sensitive configuration data and source code. No patch is currently available for this high-severity issue affecting PHP-based WordPress installations.
ThemeREX ShiftCV versions up to 3.0.14 are vulnerable to local file inclusion through improper input validation in PHP include/require statements, allowing attackers to read arbitrary files on the affected server. With a CVSS score of 8.1, this vulnerability enables high-impact attacks including information disclosure and potential code execution, though exploitation requires specific conditions. No patch is currently available for affected installations.
ThemeREX Translogic through version 1.2.11 contains a local file inclusion vulnerability in PHP that enables attackers to read and potentially execute arbitrary files on affected systems without authentication. The improper handling of file include/require statements allows an attacker to manipulate filename inputs and access sensitive server files. No patch is currently available, and exploitation requires specific conditions (network accessible, no user interaction required).
Improper file inclusion handling in ThemeREX Kratz plugin versions 1.0.12 and earlier enables attackers to read arbitrary files from affected systems through a local file inclusion vulnerability. An unauthenticated attacker can exploit this over the network to access sensitive configuration files and other protected data. No patch is currently available for this high-severity vulnerability affecting PHP-based installations.
ThemeREX Gridiron through version 1.0.14 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files from the server by manipulating include/require statements. The vulnerability requires specific conditions to be met (AC:H) but could lead to full system compromise including confidentiality and integrity breaches. No patch is currently available, and exploitation remains unlikely in the near term based on current threat metrics.
ThemeREX Yottis plugin version 1.0.10 and earlier contains a local file inclusion vulnerability in PHP that permits unauthenticated attackers to read arbitrary files on the server through improper input validation on file inclusion parameters. The vulnerability requires specific conditions to exploit (high attack complexity) but could lead to complete system compromise including confidential data exposure and code execution. No patch is currently available for affected installations.
ThemeREX Scientia plugin versions 1.2.4 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to traverse the filesystem and access sensitive data. With no patch currently available, affected PHP installations running vulnerable versions of Scientia are at immediate risk.
ThemeREX DroneX versions up to 1.1.12 contain a PHP local file inclusion vulnerability that allows unauthenticated remote attackers to read arbitrary files on the server. The vulnerability stems from improper validation of file paths in include/require statements, potentially enabling information disclosure or further system compromise. No patch is currently available for this issue.
ThemeREX Coinpress through version 1.0.14 contains a local file inclusion vulnerability in its PHP include/require handling that enables unauthenticated attackers to read arbitrary files from the affected server. The vulnerability has a high severity rating (CVSS 8.1) and currently lacks a security patch. Attackers can leverage this flaw to access sensitive configuration files, credentials, and other protected data accessible to the web server process.
ThemeREX Yungen plugin versions 1.0.12 and earlier contain a local file inclusion vulnerability in PHP file handling that allows attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this weakness to access sensitive information or potentially execute code by manipulating filename parameters in include/require statements. No patch is currently available for this vulnerability.
ThemeREX Vixus through version 1.0.16 contains a local file inclusion vulnerability in its PHP include/require handling that enables attackers to read arbitrary files from the affected server. An unauthenticated remote attacker can exploit this by crafting malicious requests to access sensitive files and potentially execute arbitrary code. No patch is currently available, and exploitation requires specific conditions that increase the attack complexity.
ThemeREX Maxify through version 1.0.16 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access sensitive data. Currently no patch is available to remediate this issue.
ThemeREX Lingvico through version 1.0.14 contains a local file inclusion vulnerability in its PHP file handling that enables attackers to read arbitrary files on the affected system. The vulnerability requires network access but no authentication or user interaction, allowing an attacker to potentially disclose sensitive server information. No patch is currently available for this issue.
ThemeREX Justitia through version 1.1.0 contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files on the server through improper control of file inclusion statements. This vulnerability has a CVSS score of 8.1, indicating high severity with potential for both information disclosure and system compromise. No patch is currently available, leaving affected installations vulnerable to exploitation.
ThemeREX Tediss versions 1.2.4 and earlier contain a local file inclusion vulnerability in their PHP include/require functionality, allowing unauthenticated attackers to read arbitrary files from the server. The vulnerability requires specific conditions to exploit (high complexity) but carries high impact including potential information disclosure and code execution. No patch is currently available for affected installations.
Local file inclusion in ThemeREX Aldo through version 1.0.10 enables unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. The vulnerability allows remote attackers to access sensitive system files and potentially execute code with no authentication required. No patch is currently available for this high-severity flaw.
ThemeREX Meals & Wheels plugin version 1.1.12 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server through improper handling of include/require statements. An attacker can exploit this vulnerability to access sensitive configuration files, source code, or other protected content without authentication. No patch is currently available, and exploitation difficulty is moderate with a CVSS score of 8.1 indicating high impact on confidentiality, integrity, and availability.
ThemeREX Avventure versions 1.1.12 and earlier contain a local file inclusion vulnerability in PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filenames in include/require statements, enabling attackers to traverse directories and access sensitive information. No patch is currently available for affected installations.
ThemeREX ConFix version 1.013 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability stems from improper validation of file paths in include/require statements, enabling attackers to traverse directories and access sensitive configuration files or source code. No patch is currently available for this high-severity vulnerability (CVSS 8.1).
ThemeREX Quanzo version 1.0.10 and earlier contains a local file inclusion vulnerability in PHP that allows unauthenticated attackers to read arbitrary files through improper handling of include/require statements. The high CVSS score of 8.1 reflects the potential for confidentiality and integrity compromise, though exploitation requires specific conditions. No patch is currently available for affected installations.
ThemeREX Equadio versions 1.1.3 and earlier contain a local file inclusion vulnerability in their PHP implementation that allows attackers to manipulate filename parameters in include/require statements to read arbitrary files from the system. An attacker with network access can exploit this vulnerability to disclose sensitive information such as configuration files or source code. No patch is currently available for this issue.
ThemeREX The Qlean WordPress theme through version 2.12 contains a local file inclusion vulnerability in its PHP file handling that enables attackers to read arbitrary files from the server. The vulnerability requires no authentication and can be exploited remotely to access sensitive configuration files and source code. While no patch is currently available, the relatively low EPSS score suggests limited real-world exploitation at this time.
ThemeREX OsTende versions up to 1.4.3 contain a local file inclusion vulnerability in their PHP file handling that allows unauthenticated attackers to read arbitrary files on the server. The vulnerability stems from improper validation of filename parameters in include/require statements, enabling attackers to access sensitive configuration files and application data. No patch is currently available for this issue.
Local file inclusion in ThemeREX Humanum through version 1.1.4 enables attackers to read arbitrary files on the server by exploiting improper input validation in file inclusion mechanisms. The vulnerability requires network access but no authentication or user interaction, allowing complete compromise of confidentiality and integrity with high impact. No patch is currently available.
RadiusTheme Metro versions 2.13 and earlier are susceptible to local file inclusion through improper input validation in PHP include/require statements, enabling attackers to read arbitrary files on the server. An unauthenticated remote attacker can exploit this vulnerability over the network to access sensitive information or potentially execute arbitrary code. No patch is currently available for this vulnerability.
PHP Local File Inclusion in Aora through version 1.3.15 enables unauthenticated remote attackers to read arbitrary files on affected systems through improper validation of file inclusion parameters. The vulnerability carries a CVSS score of 8.1 with high impact across confidentiality, integrity, and availability, though no patch is currently available.
Mikado-Themes TopFit - Fitness and Gym WordPress Theme (topfit) is affected by PHP remote file inclusion (CVSS 8.1).
Mikado-Themes TopScorer - Sports WordPress Theme (topscorer) is affected by PHP remote file inclusion (CVSS 8.1).
The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme through version 1.3.1 contains a PHP local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files on the server. This CWE-98 weakness, improper control of the filename used in an include/require statement, could enable attackers to access sensitive configuration files or other protected data. No patch is currently available for affected installations.
The Buzz Stone WordPress theme through version 1.0.2 contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files on the affected server. With network access and no user interaction required, an attacker can leverage improper input validation in file inclusion functions to access sensitive data or potentially execute code. No patch is currently available for this vulnerability affecting WordPress installations using the vulnerable theme versions.
The Chronicle WordPress theme version 1.0 and earlier contains a local file inclusion vulnerability in its PHP code that allows unauthenticated attackers to read arbitrary files from the affected server. An attacker can exploit this weakness to access sensitive configuration files, database credentials, or other confidential data stored on the web server. Currently, no patch is available and the vulnerability has a 0.2% probability of exploitation according to EPSS scoring.
The Consultor WordPress theme through version 1.2.4 contains a local file inclusion vulnerability in its PHP include/require handling that allows unauthenticated remote attackers to read arbitrary files on the server. An attacker can exploit this weakness to access sensitive configuration files, database credentials, and other confidential data. Currently no patch is available, leaving all affected installations vulnerable.
The Ekoterra WordPress theme through version 1.0.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. This high-severity flaw (CVSS 8.1) stems from improper validation of file paths in include/require statements, enabling attackers to access sensitive configuration files and other protected data. No patch is currently available for affected installations.
PHP Local File Inclusion in dan_fisher Alchemists versions through 4.6.0 allows unauthenticated remote attackers to read arbitrary files on affected servers through improper handling of file inclusion statements. The vulnerability requires specific network conditions to exploit but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.
The AC Services WordPress theme through version 1.2.5 contains a local file inclusion vulnerability in PHP that enables unauthenticated remote attackers to read arbitrary files on affected servers. This high-severity flaw allows attackers to access sensitive configuration files and potentially extract credentials or other confidential data. WordPress installations using this theme should upgrade immediately as no patch is currently available.