AncoraThemes Mr. Cobbler WordPress Theme Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the AncoraThemes Mr. Cobbler WordPress theme, specifically in versions through 1.1.9. This vulnerability allows unauthorized users to include local files from the server, which could be exploited to access sensitive information such as database credentials, potentially leading to a complete takeover of the database.

Impact

Exploitation of this vulnerability could allow an attacker to include and execute local files on the server, with the possibility of accessing sensitive information such as database credentials. Depending on the server configuration, this could lead to a full compromise of the database.

Remediation

Users are advised to update the Mr. Cobbler WordPress theme to the latest version. If an update is not possible, consult with your hosting provider or web developer for assistance.