Key Information Vulnerability Type: Local File Inclusion Affected Versions: WordPress Davenport - Versatile Blog and Magazine WordPress Theme Plugin <= 1.3 Risk Level: High priority Official Fix: No official fix available Report Date: 20 June 2023 Reporter: Tran Nguyen Bao Khoanh (VCI - VNPT Cyber Immunity) Release Date: 27 June 2023 Risk Description This vulnerability is highly dangerous and expected to become mass exploited. It could allow a malicious actor to include local files of the target website and display their output on the screen. Files containing credentials, such as database credentials, could potentially lead to complete database takeover depending on the configuration. Solution We advise mitigating or resolving the vulnerability immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available, can be tested, and safely applied.