Solene Core
Monthly
Unauthenticated Local File Inclusion in the Solene Core WordPress plugin (versions <= 2.3.2) by elated-themes allows remote attackers to include and execute arbitrary local PHP files on the server without authentication. The CVSS 8.1 rating reflects full confidentiality, integrity, and availability impact, though high attack complexity suggests non-trivial exploitation prerequisites. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated Local File Inclusion in the Solene Core WordPress plugin (versions <= 2.3.2) by elated-themes allows remote attackers to include and execute arbitrary local PHP files on the server without authentication. The CVSS 8.1 rating reflects full confidentiality, integrity, and availability impact, though high attack complexity suggests non-trivial exploitation prerequisites. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.