Rosaleen
Monthly
Unauthenticated remote local file inclusion in the Rosaleen WordPress theme versions 2.8 and earlier allows attackers to coerce the PHP application into including arbitrary files via a CWE-98 remote file inclusion/path traversal flaw. The issue was reported by Patchstack and affects the ThemeREX-developed Rosaleen theme; no public exploit identified at time of analysis, though the unauthenticated network vector makes opportunistic targeting plausible.
Unauthenticated remote local file inclusion in the Rosaleen WordPress theme versions 2.8 and earlier allows attackers to coerce the PHP application into including arbitrary files via a CWE-98 remote file inclusion/path traversal flaw. The issue was reported by Patchstack and affects the ThemeREX-developed Rosaleen theme; no public exploit identified at time of analysis, though the unauthenticated network vector makes opportunistic targeting plausible.