Key information

Vulnerability overview
Vulnerability name: WordPress SNS Anton Theme <= 4.1 is vulnerable to Local File Inclusion
Priority: High priority
Affected versions: <= 4.1
Official fix: No official fix available

Risk
Type: Critical
Description: This vulnerability is highly dangerous and expected to become mass-exploited. It could allow a malicious actor to include local files of the target website and display their output on the screen. Files that store credentials, such as database credentials, could potentially allow complete database takeover, depending on the configuration.

Solution
Recommendation: Automatically mitigate vulnerabilities and keep your websites safe.
Mitigation: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available.

Details
Plugin/Theme: SNS Anton
Type: Theme
Vulnerable versions: <= 4.1
Fixed version: N/A

Timeline
Reported by: Tran Nguyen Bao Khanh (WCI - VNPT Cyber immunity)
Report date: 07 Jun 2023
Early warning: Early warning sent out to Patchstack customers on 09 Jun 2023