CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo | Night Club, DJ Event WordPress Theme: from n/a through <= 1.3.1.
Explanation of Vulnerability in Simple Terms
The Apollo | Night Club, DJ Event WordPress theme through version 1.3.1 contains a vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service availability. The vulnerability requires high attack complexity but no user interaction. Site administrators should update immediately to a version newer than 1.3.1.
What an attacker can do
Read sensitive data, modify site content, or disrupt service availability without authentication.
Potential impact on your site
Site data confidentiality, integrity, and availability are at risk; immediate patching is critical.
Conditions required to exploit
Network access only; no authentication or user interaction required, though exploitation requires high technical complexity.
Key dates
External resources
Related vulnerabilities
