VYPR

The-wound

by WordPress

CVEs (1)

  • CVE-2025-2558HigApr 24, 2025
    risk 0.56cvss 8.6epss 0.02

    The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server