Modernee
Monthly
Unauthenticated Local File Inclusion in the ThemeREX Modernee WordPress theme (versions through 1.6.0) allows remote attackers to coerce the server into including arbitrary local PHP files, enabling information disclosure and potential code execution via log poisoning or session file abuse. Reported by Patchstack and tracked as EUVD-2025-210189, no public exploit identified at time of analysis and the vulnerability is not in CISA KEV. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability but with high attack complexity.
Unauthenticated Local File Inclusion in the ThemeREX Modernee WordPress theme (versions through 1.6.0) allows remote attackers to coerce the server into including arbitrary local PHP files, enabling information disclosure and potential code execution via log poisoning or session file abuse. Reported by Patchstack and tracked as EUVD-2025-210189, no public exploit identified at time of analysis and the vulnerability is not in CISA KEV. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability but with high attack complexity.