Executive Summary

The WordPress Kelly Young Theme, version 1.1.0 or lower, contains a Local File Inclusion (LFI) vulnerability. This flaw allows an unauthenticated attacker to include local files from the target website. Exploiting this vulnerability can expose sensitive data such as database credentials.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability has a high severity with a CVSS score of 8.1, indicating significant danger. An attacker exploiting this flaw could gain access to sensitive information, potentially leading to a complete database takeover depending on the site's configuration. This could result in data breaches, loss of data integrity, and service availability issues.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate action is advised to mitigate the Local File Inclusion vulnerability in the Kelly Young WordPress theme version 1.1.0 or lower.

• Update the theme to a version higher than 1.1.0 if available.
• If no official patch is available, apply the mitigation rule issued by Patchstack to block attacks until a fix is released.
• Seek assistance from your hosting provider or a web developer to implement protective measures.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows attackers to include local files from the target website, potentially exposing sensitive data such as database credentials. Exposure of such sensitive information could lead to a complete database takeover depending on the site's configuration.

The exposure and potential compromise of sensitive data can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information from unauthorized access.

Therefore, if exploited, this vulnerability could result in violations of data protection requirements mandated by these regulations.

Useful 0 Not Useful 0