Don-Themes Molla WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Don-Themes Molla WordPress theme, specifically in versions through 1.5.16. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files on the server. Such inclusion could be exploited to read sensitive files, potentially leading to a database takeover, depending on the site's configuration.

Impact

Exploitation of this vulnerability could allow a malicious actor to include and execute local files on the server, with the possibility of accessing sensitive information such as database credentials. This could lead to a complete takeover of the database, depending on the site's configuration.

Remediation

Users are advised to update the Molla WordPress theme to version 1.5.17 or later. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability.