MinimogWP WordPress Theme Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the MinimogWP WordPress theme, affecting all versions up to and including 3.7.0. The vulnerability arises from the 'template' parameter, which allows unauthenticated attackers to include and execute arbitrary files on the server. Any PHP code contained in an included file is executed, potentially bypassing access controls, exposing sensitive data, or giving code execution in scenarios where images or other 'safe' file types can be uploaded and then included.

Impact

Exploitation of this vulnerability could result in unauthorized file inclusion, allowing attackers to execute arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially in cases where uploaded files are not properly validated.

Remediation

Users are advised to update the MinimogWP WordPress theme to version 3.8.0 or later.
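
To confirm the update has actually landed on a host, the following added example (not from the advisory or the theme vendor) reads each theme's style.css header and compares its version with the fixed release 3.8.0. It assumes the parent theme's "Theme Name" header contains "minimog" and that child themes name their parent in "Template"; the sample headers and the themes path are constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 8, 0)  # first fixed release named in the advisory

def read_headers(css_text):
    """Parse 'Key: value' header lines from the first 8 KB of a style.css."""
    headers = {}
    for line in css_text[:8192].splitlines():
        m = re.match(r"^[\s/*#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*(?:\*/)?\s*$", line)
        if m:  # first occurrence wins, so later CSS rules cannot override it
            headers.setdefault(m.group(1).lower(), m.group(2))
    return headers

def parse_version(text):
    """'3.7.0' -> (3, 7, 0); missing parts count as 0, '-suffix' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def assess(css_text, name_hint="minimog"):  # name_hint is an assumption
    h = read_headers(css_text)
    if "template" in h:  # child theme: its own version says nothing about the parent
        return "child" if name_hint in h["template"].lower() else "unrelated"
    if name_hint not in h.get("theme name", "").lower():
        return "unrelated"
    if "version" not in h:
        return "unknown"
    return "fixed" if parse_version(h["version"]) >= FIXED else "vulnerable"

def scan(themes_dir):
    """Map theme directory name -> status for every matching theme found."""
    results = {}
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        status = assess(css.read_text(encoding="utf-8", errors="replace"))
        if status != "unrelated":
            results[css.parent.name] = status
    return results

# Constructed sample headers, not copied from the real theme.
SAMPLE_OLD = "/*\nTheme Name: MinimogWP\nVersion: 3.7.0\n*/"
SAMPLE_CHILD = "/*\nTheme Name: Minimog Child\nTemplate: minimog\nVersion: 1.0.0\n*/"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /var/www/html/wp-content/themes (example path)
        for name, status in scan(sys.argv[1]).items():
            print(f"{name}: {status}")
    else:
        print("sample 3.7.0 header:", assess(SAMPLE_OLD))
        print("sample child header:", assess(SAMPLE_CHILD))
```

A "child" result means the parent theme's own directory still has to report "fixed"; "unknown" or "vulnerable" entries should be updated or removed, including inactive copies left on disk.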

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.