WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Vulnerability

The Aperitif WordPress theme versions <=1.5 contain an unauthenticated Local File Inclusion (LFI) vulnerability. An attacker can exploit this flaw without any authentication or special privileges, allowing them to include arbitrary local files from the server's filesystem [1].

Exploitation

An attacker can send a crafted HTTP request to the vulnerable theme endpoint, specifying a malicious file path. No authentication or user interaction is required. The vulnerability is known to be used in mass-exploit campaigns, targeting thousands of websites regardless of size [1].

Impact

Successful exploitation enables an attacker to read sensitive files, such as wp-config.php, which contains database credentials. This could lead to complete database takeover depending on server configuration. The CVSS score is 8.1 (High), reflecting the severity of information disclosure and potential for further compromise [1].

Mitigation

The vulnerability is fixed in version 1.6 of the Aperitif theme. Users are advised to update immediately. Patchstack has also issued a mitigation rule to block attacks until the update is applied. No other workarounds are available [1].