ThimPress Ivy School Path Traversal Vulnerability Leading to Local File Inclusion

Vulnerability

A path traversal vulnerability allowing PHP local file inclusion has been identified in the ThimPress Ivy School WordPress theme, affecting versions through 1.6.0. This vulnerability could enable the inclusion of local files from the target website, potentially exposing sensitive information such as database credentials, which could lead to a complete database takeover depending on the configuration.

Impact

Exploitation of this vulnerability could allow unauthorized inclusion of local files, with the potential to expose sensitive information such as database credentials. Depending on the site's configuration, this could result in a complete takeover of the database.

Remediation

Users are advised to update to version 1.6.1 or later. Patchstack has also issued a virtual patch to mitigate this vulnerability until users can update.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.