Themesion Grevo WordPress Theme Improper Control of Filename Vulnerability Allowing Remote File Inclusion

Vulnerability

A vulnerability allowing improper control of filenames in include or require statements has been identified in the Themesion Grevo WordPress theme, specifically in versions through 2.4. This issue creates a PHP remote file inclusion vulnerability, which could potentially be exploited to include malicious files from remote servers.

Impact

Exploitation of this vulnerability could lead to remote file inclusion, allowing attackers to execute malicious scripts on the server.

Added: Oct 22, 2025, 3:36 PM

Updated: Oct 22, 2025, 9:47 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Themesion Grevo WordPress Theme Improper Control of Filename Vulnerability Allowing Remote File Inclusion

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating