AncoraThemes FixTeam WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the AncoraThemes FixTeam WordPress theme, specifically in versions through 1.4. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files on the server. Such inclusion could be exploited to read sensitive files, potentially leading to a database takeover depending on the site's configuration.

Impact

Exploitation of this vulnerability could allow a malicious actor to include and execute local files on the server, with the possibility of accessing sensitive information such as database credentials. Depending on the site's configuration, this could lead to a complete takeover of the database.

Remediation

Users of the FixTeam WordPress theme are advised to update to the latest version. Patchstack has also issued a mitigation rule to block attacks targeting this vulnerability until an official patch can be safely applied.