Themes Vulnerabilities

NativeChurch Theme - Arbitrary File Download

Description

The NativeChurch WordPress theme was affected by an Arbitrary File Download security vulnerability.

Proof of Concept

Affects Themes

NativeChurch
Fixed in 1.6.2

References

URL
https://packetstormsecurity.com/files/#132297/
URL
https://support.imithemes.com/documentation/change-log-2/
URL
https://web.archive.org/web/20150609082209/https://www.intelligentexploit.com/view-details.html?id=19753

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2e1062ed-0c48-473f-aab2-20ac9d4c72b1

Timeline

Publicly Published
2014-09-28 (about 11 years ago)
Added
2014-09-28 (about 11 years ago)
Last Updated
2020-07-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-05
Title
WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download
Published
2022-07-28
Title
VR Calendar < 2.4.5 - LFI via CSRF
Published
2025-06-24
Title
FW Food Menu <= 6.0.0 - Unauthenticated Arbitrary File Deletion
Published
2023-12-28
Title
Product Feed Manager < 7.3.16 - Authenticated (Admin+) Directory Traversal
Published
2014-08-01
Title
Plugin Newsletter 1.5 - Remote File Disclosure