WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability
Description
Unauthenticated Local File Inclusion in Gita WordPress theme ≤1.11 allows reading sensitive files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Gita WordPress theme (all versions up to and including 1.11) is vulnerable to an unauthenticated Local File Inclusion (LFI) [1]. The vulnerability resides in the theme's file handling logic, which does not properly validate user input when including files. No special configuration is required; the vulnerable code path is reachable by default in affected versions [1].
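The file-handling flaw described above, shown as an added PHP illustration that is not the Gita theme's code (the theme's source is not available on this page): a generic template include that trusts a request parameter, beside a hardened version that limits the include to an allowlist of template names and checks that the resolved path stays inside the theme's template directory. The parameter name `template`, the template names and the directory layout are assumptions.

```php
<?php
// Added illustration, not the Gita theme's code: the theme's source is not on this page.
// Shows the generic unsafe include pattern next to a hardened replacement.
// The `template` parameter, the template names and the directory layout are assumed.

// --- Unsafe pattern (illustrative only) ---
function gita_like_render_unsafe(): void {
    // The request value flows straight into include(); nothing rejects "../"
    // sequences, so the include can be steered to any file the web server can read.
    $tpl = isset($_GET['template']) ? (string) $_GET['template'] : 'default';
    include get_template_directory() . '/templates/' . $tpl . '.php';
}

// --- Hardened pattern ---
const GITA_LIKE_TEMPLATES = ['default', 'grid', 'list'];   // assumed template set

function gita_like_resolve_template(string $requested, string $base_dir): ?string {
    // 1. Allowlist: only known template names are accepted at all.
    if (!in_array($requested, GITA_LIKE_TEMPLATES, true)) {
        return null;
    }
    // 2. Containment: even for an allowlisted name, confirm the resolved path is
    //    under the templates directory (defence in depth, e.g. against symlinks).
    $base = realpath($base_dir);
    $path = realpath($base_dir . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function gita_like_render_safe(): void {
    // sanitize_key() (WordPress core) reduces the value to [a-z0-9_-], which already
    // removes slashes and dots; the allowlist and realpath check are the second layer.
    $requested = isset($_GET['template']) ? sanitize_key((string) $_GET['template']) : 'default';
    $path = gita_like_resolve_template($requested, get_template_directory() . '/templates');
    if ($path === null) {
        status_header(400);   // unknown or out-of-tree template: refuse rather than guess
        return;
    }
    include $path;
}
```

The allowlist is the control that matters: once the set of includable files is fixed in code, the request can only choose among them, and the realpath containment check catches the cases (symlinked or relocated template files) where an allowlisted name could still resolve outside the theme directory.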
Exploitation
An attacker with no prior authentication or special privileges can exploit this vulnerability by sending a crafted HTTP request to the WordPress site running the vulnerable theme [1]. The attack does not require any user interaction or write access to the server; it is performed remotely over the network [1]. The specific request manipulates a parameter to traverse directories and include arbitrary local files from the server's filesystem.
Impact
Successful exploitation allows the attacker to read the contents of arbitrary files on the target server [1]. This includes sensitive files such as wp-config.php, which contains database credentials. If database credentials are disclosed, an attacker could potentially gain full control of the database, leading to complete site compromise depending on configuration [1]. Confidentiality is breached; integrity and availability may also be affected if credentials lead to further attacks.
Mitigation
As of the available reference, no patched version of the Gita theme has been released to address this issue [1]. Users are advised to update the theme immediately once a fixed version becomes available. In the meantime, as an immediate action, either update the affected theme if an update is available or contact your hosting provider or web developer for assistance [1]. There is no mention of a KEV listing. If the vendor does not release a fix, consider replacing the theme with an alternative.
AI Insight generated on Jun 17, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. The mechanics section is only generated when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 1
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026), Wordfence Blog, Jun 4, 2026