Bootstrap Ultimate WordPress Theme Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Bootstrap Ultimate theme for WordPress, affecting all versions through 1.4.9. The vulnerability arises from the 'path' parameter, which allows unauthenticated attackers to include PHP files from the server. Any PHP code in the included files is executed, which can be used to bypass access controls, access sensitive information, or execute code in scenarios where PHP files can be uploaded and included. If php://filter is enabled on the server, this vulnerability could lead to remote code execution.

Impact

Exploitation of this vulnerability could result in local file inclusion, allowing execution of arbitrary PHP code. Where php://filter is enabled on the server, this could lead to remote code execution.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected theme.
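
One way to act on this guidance, shown as an added example that is not part of the original advisory or the theme's code: the script below scans a WordPress themes directory and reports installed copies whose style.css header falls in the affected range. It assumes the theme declares "Bootstrap Ultimate" as its Theme Name; the directory names and the 1.5.0 sample version are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_NAME = "bootstrap ultimate"  # theme name as given in the advisory
LAST_AFFECTED = (1, 4, 9)             # "all versions through 1.4.9"
# WordPress reads theme metadata from "Key: value" lines at the top of style.css.
HEADER_RE = re.compile(r"^[\s*/#@]*(Theme Name|Version)\s*:\s*(.+?)\s*$", re.I | re.M)

def parse_theme_header(css_text):
    """Return {'theme name': ..., 'version': ...} from a style.css header."""
    fields = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):  # header sits in the first 8 KiB
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(text):
    """'1.4.9' -> (1, 4, 9); missing or non-numeric versions -> None."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def find_affected_themes(themes_dir):
    """List (directory, version) for installed copies covered by the advisory."""
    hits = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        header = parse_theme_header(css.read_text(encoding="utf-8", errors="replace"))
        if header.get("theme name", "").lower() != AFFECTED_NAME:
            continue
        ver = version_tuple(header.get("version"))
        # A version that cannot be parsed cannot be ruled out, so report it too.
        if ver is None or ver <= LAST_AFFECTED:
            hits.append((css.parent.name, header.get("version", "unknown")))
    return hits

def demo():
    """Scan a constructed themes directory (sample data, not a real site)."""
    samples = {
        "theme-a": "/*\nTheme Name: Bootstrap Ultimate\nVersion: 1.4.9\n*/",
        "theme-b": "/*\nTheme Name: Bootstrap Ultimate\nVersion: 1.5.0\n*/",
        "theme-c": "/*\nTheme Name: Some Other Theme\nVersion: 1.0\n*/",
    }
    with tempfile.TemporaryDirectory() as root:
        for slug, css in samples.items():
            (Path(root) / slug).mkdir()
            (Path(root) / slug / "style.css").write_text(css, encoding="utf-8")
        return find_affected_themes(root)
```

Point `find_affected_themes` at a site's `wp-content/themes` directory to check a real install; it reports copies whether or not the theme is active.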

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.