Campress WordPress Theme Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Campress theme for WordPress, affecting all versions through 1.35. The issue arises in the 'campress_woocommerce_get_ajax_products' function, allowing unauthenticated attackers to include and execute arbitrary files on the server. This vulnerability could be exploited to bypass access controls, access sensitive data, or execute code in cases where PHP files can be uploaded and included.
Impact
An unauthenticated attacker who exploits this vulnerability can cause the server to include files it should not, which can result in arbitrary PHP code running on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially where PHP files can be uploaded to the server and then included.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected theme.
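Since the remediation is removal, the first step is finding every install. The following added example (not part of the original advisory or the theme's code) scans a WordPress themes directory for Campress at or below 1.35 and for child themes that load it, using the standard `style.css` theme header; the directory layout and sample theme names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (1, 35)  # advisory: all versions through 1.35 are affected
# Header fields WordPress reads from the top of a theme's style.css.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version|Template):(.*)$", re.I | re.M)

def parse_header(style_css):
    """Return the theme header fields, keeping the first value of each."""
    fields = {}
    head = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(text):
    return tuple(int(n) for n in re.findall(r"\d+", text))  # "1.35" -> (1, 35)

def find_campress(themes_dir):
    """Map theme directory name -> status for Campress and its child themes."""
    headers = {p.parent.name: parse_header(p)
               for p in sorted(Path(themes_dir).glob("*/style.css"))}
    parents = {}
    for name, h in headers.items():
        if h.get("theme name", "").lower() == "campress":
            ver = version_tuple(h.get("version", ""))
            # A missing or unreadable version is reported as affected (fail closed).
            parents[name] = "affected" if not ver or ver <= LAST_AFFECTED else "newer-than-advisory"
    findings = dict(parents)
    for name, h in headers.items():
        # A child theme loads the parent's code, so it inherits the parent's status.
        if name not in parents and h.get("template") in parents:
            findings[name] = "child-of-" + parents[h["template"]]
    return findings

def demo():
    samples = {  # constructed sample themes, not real installs
        "campress": "/*\nTheme Name: Campress\nVersion: 1.35\n*/",
        "campress-child": "/*\nTheme Name: School Site\nTemplate: campress\nVersion: 1.0\n*/",
        "twentytwentyfour": "/*\nTheme Name: Twenty Twenty-Four\nVersion: 1.2\n*/",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, css in samples.items():
            (Path(tmp) / folder).mkdir()
            (Path(tmp) / folder / "style.css").write_text(css, encoding="utf-8")
        return find_campress(tmp)
if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_campress()` with the site's `wp-content/themes` path; a child theme flagged here has to be switched to another parent before Campress is removed.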
