Reprizo
Monthly
Unauthenticated local file inclusion in the Reprizo WordPress theme by AxiomThemes (versions 1.0.8 and earlier) allows remote attackers to coerce the PHP include/require chain into loading arbitrary server-side files, leading to disclosure of sensitive configuration data and potential code execution if uploaded or log files can be referenced. No public exploit identified at time of analysis, but the issue is tracked by Patchstack as a high-severity flaw against a commercial WordPress theme.
Unauthenticated local file inclusion in the Reprizo WordPress theme by AxiomThemes (versions 1.0.8 and earlier) allows remote attackers to coerce the PHP include/require chain into loading arbitrary server-side files, leading to disclosure of sensitive configuration data and potential code execution if uploaded or log files can be referenced. No public exploit identified at time of analysis, but the issue is tracked by Patchstack as a high-severity flaw against a commercial WordPress theme.