AncoraThemes Tails WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the AncoraThemes Tails WordPress theme, specifically in versions through 1.4.12. This vulnerability allows for improper control of filenames in include or require statements, potentially leading to the inclusion of local files from the server.

Impact

Exploitation of this vulnerability could allow a malicious actor to include local files from the server and display their contents. This could be particularly dangerous if sensitive files, such as those containing database credentials, are accessed, as it could lead to a complete takeover of the database, depending on the configuration.

Remediation

Users are advised to update to a version of the AncoraThemes Tails WordPress theme later than 1.4.12. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability.