Impact
This vulnerability permits an unauthenticated attacker to influence the file path used in the Reprizo theme, enabling local file inclusion. The flaw can allow the attacker to read sensitive files such as configuration files or contain sensitive data. The weakness corresponds to CWE‑98, which focuses on improper validation of file paths, leading to potential data disclosure and, in some scenarios, escalation of privilege.
Affected Systems
The flaw affects the AxiomThemes Reprizo theme versions up to and including 1.0.8. Any WordPress installation running this theme or its earlier releases is potentially vulnerable. No other versions or products were listed as affected.
Risk and Exploitability
With a CVSS score of 8.1, the vulnerability represents high severity. While the current EPSS score is not available, the lack of a KEV listing suggests that no widespread exploitation has been publicly reported yet. Nevertheless, the vulnerability is exploitable without authentication by submitting crafted requests that manipulate file paths within the theme, so the risk remains significant and the exploitation window should not be ignored.
OpenCVE Enrichment