Key Information Vulnerability Name: WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme Theme <= 2.6 is vulnerable to Local File Inclusion Priority: High priority Affected Versions: <= 2.6 Fix Status: No official fix available Risk: This vulnerability is highly dangerous and expected to become mass exploited. Vulnerability Type: Local File Inclusion Description: This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration. Solution: Automatically mitigate vulnerabilities and keep your websites safe. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Timeline: - Reported by Tran Nguyen Bao Khoanh (VCI - VNPT Cyber Immunity) on 20 June 2023 - Early warning sent out to Patchstack customers on 20 June 2023 - Published by Patchstack on 27 June 2023