Impact
The Mission theme (versions 1.22 and earlier) contains an unauthenticated Local File Inclusion flaw that allows an attacker to read the contents of arbitrary files on the server. By supplying a crafted input, malicious parties can retrieve sensitive configuration files or potentially include malicious files to gain further control of the system.
Affected Systems
Vendors: ThemeREX. Product: Mission theme. Affected versions: 1.22 and earlier of the WordPress Mission theme.
Risk and Exploitability
The CVSS score of 8.1 reflects significant impact, while the EPSS score of <1% suggests that exploitation is uncommon but still possible. The vulnerability is not listed in the CISA KEV catalog. Since the flaw is unauthenticated, an attacker can leverage it from any visitor to the site by crafting a request that manipulates the include path to read local files.
OpenCVE Enrichment