Impact
Unauthenticated Local File Inclusion is present in versions of the WordPress Uppercase theme older than 1.2.2. The flaw allows an attacker to control the file path included by the theme, potentially reading sensitive files from the server. This can expose configuration data, credentials, or other confidential information stored on the host.
Affected Systems
Any WordPress site that has the Uppercase theme installed, specifically versions lower than 1.2.2, is vulnerable. The issue affects all authors or site operators using this theme in its outdated state.
Risk and Exploitability
The vulnerability has a CVSS score of 8.1, indicating a high severity level. EPSS information is not available, so the exploitation likelihood cannot be quantified at this time. The bug is not listed in the CISA Known Exploited Vulnerabilities catalog. It is inferred that the attack likely proceeds by manipulating a parameter that the theme uses to include files, allowing an unauthenticated attacker to specify arbitrary file paths on the server.
OpenCVE Enrichment