Mikado Themes Depot Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Mikado Themes Depot WordPress theme, specifically in versions through 1.16. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files on the server. Such an inclusion could be exploited to read sensitive files, potentially leading to a complete takeover of the database, depending on the site's configuration.
Impact
Exploitation of this vulnerability could allow an attacker to include and execute local files on the server, with the possibility of accessing sensitive information such as database credentials. In some cases, this could lead to a full compromise of the database.
Remediation
Users are advised to update to a version of the Mikado Themes Depot WordPress theme that is later than 1.16. For those using Patchstack, a mitigation rule has been issued to block attacks targeting this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.