Impact
The Abelle WordPress theme contains an unauthenticated Local File Inclusion vulnerability in versions 1.22 and earlier. A flaw allows an attacker to request the inclusion of arbitrary local files on the file system. This potentially allows the attacker to read sensitive files or otherwise manipulate the server environment.
Affected Systems
WordPress sites that have installed the ThemeREX Abelle theme version 1.22 or earlier are affected.
Risk and Exploitability
The CVSS score of 8.1 indicates high severity, while the EPSS score of less than 1% indicates a low probability of public exploitation at this time. The vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment