Skyward
Monthly
Unauthenticated local file inclusion in ThemeRex Skyward WordPress theme versions 1.10 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server, enabling sensitive file disclosure and potential remote code execution. The flaw is reachable without authentication over the network and no public exploit has been identified at time of analysis, though Patchstack has catalogued the issue in their vulnerability database. CVSS rates the impact as 8.1 (High) reflecting full confidentiality, integrity, and availability compromise despite high attack complexity.
Unauthenticated local file inclusion in ThemeRex Skyward WordPress theme versions 1.10 and earlier allows remote attackers to include and execute arbitrary local PHP files on the server, enabling sensitive file disclosure and potential remote code execution. The flaw is reachable without authentication over the network and no public exploit has been identified at time of analysis, though Patchstack has catalogued the issue in their vulnerability database. CVSS rates the impact as 8.1 (High) reflecting full confidentiality, integrity, and availability compromise despite high attack complexity.