Raider Spirit
Monthly
Local File Inclusion in the ThemeREX Raider Spirit WordPress theme versions 1.1.2 and earlier allows unauthenticated remote attackers to include and disclose arbitrary local files via attacker-controlled file paths reaching a PHP include/require sink. The flaw maps to CWE-98 (Improper Control of Filename for Include/Require) and was disclosed through Patchstack with no public exploit identified at time of analysis, though the CVSS 8.1 rating reflects high confidentiality, integrity, and availability impact if the inclusion can be steered to executable PHP content.
Local File Inclusion in the ThemeREX Raider Spirit WordPress theme versions 1.1.2 and earlier allows unauthenticated remote attackers to include and disclose arbitrary local files via attacker-controlled file paths reaching a PHP include/require sink. The flaw maps to CWE-98 (Improper Control of Filename for Include/Require) and was disclosed through Patchstack with no public exploit identified at time of analysis, though the CVSS 8.1 rating reflects high confidentiality, integrity, and availability impact if the inclusion can be steered to executable PHP content.