Resurs
Monthly
Unauthenticated Local File Inclusion in the ThemeREX Resurs WordPress theme versions 1.3 and below allows remote attackers to include and execute arbitrary local files on the server. The flaw, tracked under CWE-98 (Improper Control of Filename for Include/Require), enables disclosure of sensitive files and potential code execution depending on server configuration. No public exploit identified at time of analysis, though Patchstack has confirmed the issue against the affected theme.
Unauthenticated Local File Inclusion in the ThemeREX Resurs WordPress theme versions 1.3 and below allows remote attackers to include and execute arbitrary local files on the server. The flaw, tracked under CWE-98 (Improper Control of Filename for Include/Require), enables disclosure of sensitive files and potential code execution depending on server configuration. No public exploit identified at time of analysis, though Patchstack has confirmed the issue against the affected theme.