Impact
The Printo theme for WordPress contains an unauthenticated vulnerability that allows an attacker to include arbitrary local files. This flaw is a classic Local File Inclusion weakness, classified as CWE‑98, and can enable the reading of sensitive files such as configuration files or database credentials if the included file is properly chosen. The impact is primarily the disclosure of confidential data and can potentially lead to further compromise if an attacker can include executable code.
Affected Systems
The vulnerability affects the Printo theme distributed by ThemeREX. All releases of the theme with a version of 1.11 or lower are impacted. Users operating those versions should identify whether their WordPress installations are using the affected theme and verify the exact version number.
Risk and Exploitability
The CVSS score of 8.1 rates this as a high‑severity vulnerability. The EPSS score of less than 1% indicates that exploitation is unlikely at the current time, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the attack vector is likely remote and unauthenticated, where an attacker issues a crafted web request that triggers the file inclusion. Successful exploitation would require the web server to expose the target files and the WordPress environment to allow the inclusion without proper restriction.
OpenCVE Enrichment