Traveler WordPress Theme Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Traveler theme for WordPress, affecting all versions through 3.1.8. The issue arises in the 'hotel_alone_load_more_post' function, specifically through the 'style' parameter. This vulnerability allows unauthenticated attackers to include and execute arbitrary files on the server, potentially executing any PHP code contained in those files. Exploitation could lead to bypassing access controls, accessing sensitive data, or executing code in scenarios where PHP files can be uploaded and included.
Impact
Exploitation of this vulnerability could result in unauthorized file inclusion, allowing attackers to execute arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, especially in cases where uploaded PHP files can be included and run.
Remediation
Users are advised to update the Traveler WordPress theme to version 3.1.9 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.