Planty
Monthly
Unauthenticated local file inclusion in the Planty WordPress theme versions 1.14.0 and earlier allows remote attackers to coerce the PHP application into including arbitrary files from the server filesystem, leading to disclosure of sensitive configuration data and potential code execution. The flaw is reachable without credentials over the network but rated AC:H, indicating exploitation requires meeting specific conditions; no public exploit identified at time of analysis and the issue is tracked by Patchstack and ENISA EUVD-2025-210193.
Unauthenticated local file inclusion in the Planty WordPress theme versions 1.14.0 and earlier allows remote attackers to coerce the PHP application into including arbitrary files from the server filesystem, leading to disclosure of sensitive configuration data and potential code execution. The flaw is reachable without credentials over the network but rated AC:H, indicating exploitation requires meeting specific conditions; no public exploit identified at time of analysis and the issue is tracked by Patchstack and ENISA EUVD-2025-210193.