ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
| Description | The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. |
| Proof of Concept | The PoC will be displayed on October 28, 2019, to give users the time to update. |
Affects Theme
|
fixed in version 2.2
|
References
| URL | https://themeforest.net/item/churchope-responsive-wordpress-theme/2708562?s_rank=1 |
| URL | https://themeforest.net/item/churchope-responsive-wordpress-theme/2708562/comments?page=97 |
Classification
| Type | LFI |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-22 |
Miscellaneous
| Submitter | Justin Smith |
| Views | 5865 |
| Verified | No |
| WPVDB ID | 7710 |
Timeline
| Publicly Published | 2014-12-07 (almost 5 years ago) |
| Added | 2014-12-07 (almost 5 years ago) |
| Last Updated | 2019-10-14 (3 days ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
