Mikado Themes MediClinic Path Traversal Vulnerability Leading to Local File Inclusion
Vulnerability
A path traversal vulnerability has been identified in the Mikado Themes MediClinic WordPress theme, specifically in versions through 2.1. This vulnerability allows for PHP local file inclusion, which could enable a malicious actor to include and execute local files from the server, potentially leading to the exposure of sensitive information such as database credentials.
Impact
Exploitation of this vulnerability could allow for local file inclusion, with the included files being executed as PHP scripts. This could lead to the exposure of sensitive information, such as database credentials, and depending on the server configuration, could allow for a complete takeover of the database.
Remediation
Users are advised to update to version 2.2 or later to address this vulnerability. Patchstack has also issued a virtual patch to mitigate the issue until users can update.
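To confirm which installations still need the update, the following added example (not code from the theme or from Patchstack) reads the `Version:` header from each copy of the theme's `style.css` and flags anything below 2.2. The theme directory name `mediclinic` and the `/var/www` default root are assumptions; adjust them to your hosts.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = (2, 2)      # first fixed release according to the advisory
THEME_SLUG = "mediclinic"   # assumption: directory name of the installed theme

# Same header convention WordPress uses for theme metadata in style.css.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(text):
    """Return the theme version as a tuple of ints, or None if no header is found."""
    match = _VERSION_RE.search(text[:8192])  # WordPress only reads the first 8 KB
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """Versions through 2.1 are affected; an unreadable version is treated as affected."""
    if version is None:
        return True
    # Pad short versions so that "2" compares as 2.0 against the fixed release.
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


def scan(root):
    """Return (path, version, vulnerable) for every copy of the theme below root."""
    results = []
    pattern = f"wp-content/themes/{THEME_SLUG}/style.css"
    for css in sorted(Path(root).rglob(pattern)):
        version = parse_version(css.read_text(errors="replace"))
        results.append((str(css), version, is_vulnerable(version)))
    return results


if __name__ == "__main__":
    web_root = sys.argv[1] if len(sys.argv) > 1 else "/var/www"  # assumed default
    findings = scan(web_root)
    for path, version, vulnerable in findings:
        shown = ".".join(map(str, version)) if version else "unknown"
        status = "UPDATE REQUIRED" if vulnerable else "ok"
        print(f"{status:16} {shown:8} {path}")
    # Non-zero exit lets a cron job or CI step alert on affected installs.
    sys.exit(1 if any(v for _, _, v in findings) else 0)
```

A copy whose version header cannot be read is reported as requiring the update so that it gets inspected by hand rather than silently passed.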