The Wound WordPress Theme Local File Inclusion Vulnerability

Vulnerability

A local file inclusion (LFI) vulnerability has been identified in The Wound WordPress theme, versions through 0.0.1. The theme fails to properly validate certain parameters before using them to build file paths for include functions. Because of this missing validation, unauthenticated users can exploit the vulnerability, potentially leading to the download of arbitrary files from the server.
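The flaw class described above and one way to close it, as an added example that is not the theme's own code: an allowlist plus a canonical-path containment check applied before any include. The parameter name `part`, the function `resolve_template_part`, the part names and the demo directory are all hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example with hypothetical names; this is not The Wound theme's code.

// Pattern the advisory describes (a request value flows straight into an include path):
//   include $partsDir . '/' . $_GET['part'] . '.php';   // 'part' is a hypothetical parameter

/**
 * Resolve a requested template part to a file inside $partsDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_template_part(string $partsDir, string $requested, array $allowed): ?string
{
    // 1. Allowlist: accept only part names the theme actually ships (strict comparison).
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Containment: canonicalise both paths; realpath() returns false for missing files.
    $base   = realpath($partsDir);
    $target = realpath($partsDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $target === false) {
        return null;
    }
    // The resolved file must sit under the base directory, not merely share a prefix.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary parts directory containing one legitimate file.
$partsDir = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
mkdir($partsDir);
file_put_contents($partsDir . '/header.php', '<?php echo "header\n";');

$allowed = ['header', 'footer'];   // 'footer' is allowlisted but absent on disk
foreach (['header', '../wp-config', 'footer', 'header.php'] as $input) {
    $path = resolve_template_part($partsDir, $input, $allowed);
    printf("%-14s => %s\n", $input, $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($partsDir . '/header.php');
rmdir($partsDir);
```

Only `header` resolves to a file; the traversal string and the suffixed name fail the allowlist, and the allowlisted but missing `footer` fails the `realpath()` check, so nothing outside the parts directory ever reaches `include`.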

Impact

Exploitation of this vulnerability allows for local file inclusion, where an attacker can include files from the server's file system. This could be used to read sensitive files or, in some cases, execute code if the included file is processed by the server in a certain way.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.