Impact
An unauthenticated Local File Inclusion flaw exists in the Top Dog theme for WordPress versions 1.0.5 and earlier. The flaw allows an attacker to craft an URL or request that causes the theme to load arbitrary files from the server’s filesystem. This can lead to disclosure of sensitive files, configuration information, and potentially remote code execution if the server runs the included file as PHP. The weakness corresponds to CWE‑98 and can be exploited without authentication.
Affected Systems
WordPress installations that use the ThemeREX Top Dog theme version 1.0.5 or older are affected. All other versions of the theme are not impacted.
Risk and Exploitability
The vulnerability has a high CVSS score of 8.1 and an EPSS score of less than 1 %, indicating a low current probability of exploitation. It is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated request that includes a malicious file path, inferred from the description of the LFI flaw. No additional prerequisites are mentioned in the data.
OpenCVE Enrichment