Impact
Unauthenticated Local File Inclusion in the CopyPress theme up to version 1.4.5 allows an attacker to request arbitrary local files through crafted web requests. This weakness can expose sensitive configuration files, passwords, or even enable further exploitation such as code execution if the attacker can trigger a PHP file inclusion. The impact is high because it permits remote access to files on the server without requiring any authentication.
Affected Systems
The affected product is the CopyPress theme by ThemeREX. All installations running versions 1.4.5 or earlier are vulnerable. No additional vendor or product identifiers are listed beyond the theme name.
Risk and Exploitability
The CVSS score of 8.1 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that exploitation attempts are currently rare, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the lack of authentication and the local file access nature mean that an attacker can deliver the exploit over the network, likely via a URL parameter manipulation. Because of the high impact and the fact that the flaw is unauthenticated, the risk to exposed systems remains significant.
OpenCVE Enrichment