WordPress mTheme-Unus Theme - Local File Inclusion

What is the "WordPress mTheme-Unus Theme - Local File Inclusion?"

The "WordPress mTheme-Unus Theme - Local File Inclusion" module is designed to detect a vulnerability in the mTheme-Unus WordPress theme. This vulnerability allows an attacker to include local files through the "css.php" file. The severity of this vulnerability is classified as high.

This module was authored by dhiyaneshDk.

Impact

If exploited, this vulnerability can allow an attacker to access sensitive information stored in the WordPress configuration file, such as database credentials.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

The module then applies the following matching conditions:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD". - The response status code must be 200.

If both conditions are met, the module reports a vulnerability.

For more information, you can refer to the WPScan vulnerability report.