Impact
This vulnerability is an unauthenticated Local File Inclusion flaw in the Gita theme, allowing attackers to read any file on the server’s file system. The flaw is based on improper validation of user‑supplied file paths, a weakness captured by CWE‑98. Successful exploitation can expose sensitive configuration files, secrets, or enable further lateral movement within the host, potentially leading to remote code execution if exploited in conjunction with other vulnerabilities.
Affected Systems
ThemeREX’s Gita WordPress theme versions 1.11 and earlier are affected. Users of these versions should verify the exact theme version and consider upgrading.
Risk and Exploitability
The CVSS score of 8.1 classifies the issue as high severity. However, the EPSS score is less than 1%, indicating a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw without authentication, so the risk remains significant if the flaw is present on production sites.
OpenCVE Enrichment