The vulnerability is a path traversal flaw that allows PHP local file inclusion within the Mikado‑Themes Wanderland WordPress theme. By manipulating the path, an attacker can include arbitrary files on the server, which may expose sensitive information or enable remote code execution if malicious files are injected or if existing server files are read and executed. The CVSS score of 8.1 reflects the high impact of this flaw.

Mikado‑Themes Wanderland theme for WordPress, affecting all releases from the original version up through 1.7.1. The vulnerability is present in every installation that uses Wanderland version 1.7.1 or older, regardless of additional plugins or theme customizations.

The EPSS score of less than 1% indicates that, so far, the exploit probability is low, and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, its high CVSS rating means that it could be highly damaging if discovered by attackers. Likely attack vectors involve HTTP requests that target the theme’s publicly accessible files – for example, manipulating query parameters or file paths supplied to theme functions. This suggests the vulnerability could be triggered by unauthenticated users, but the exact conditions are not explicitly stated in the description, so further analysis of the theme’s code would be required to confirm authentication requirements.