Impact
An unauthenticated Local File Inclusion flaw exists in the Especio theme for WordPress versions 1.0 and earlier. The vulnerability allows an attacker to manipulate the template file path used by the theme, which can lead to reading of any local file on the web server. The description does not provide evidence of remote code execution, so the primary impact is the disclosure of sensitive files that may exist on the server.
Affected Systems
The Especio theme from ThemeREX is affected. Any WordPress site that has installed Especio version 1.0 or lower is considered vulnerable. No additional sub‑version details are provided, therefore all releases up to 1.0 are at risk.
Risk and Exploitability
The CVSS score of 8.1 indicates a high severity flaw. The EPSS score of less than 1 % shows that exploitation events are currently rare, and the vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw through crafted HTTP requests that control the theme’s template path logic, implying a network‑based attack vector with unauthenticated access. If maliciously supplied PHP files are included, they could potentially be executed, but the description does not confirm this outcome. Detection would typically involve monitoring logs for abnormal file read attempts.
OpenCVE Enrichment