Themes Vulnerabilities

epic Theme - Arbitrary File Download

Description

The Epic WordPress theme was affected by an Arbitrary File Download security vulnerability.

Affects Themes

epic
No known fix

References

CVE
CVE-2014-10396
URL
https://packetstormsecurity.com/files/#128186/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
69585074-4627-4d07-aad6-5916ecc93b32

Timeline

Publicly Published
2016-03-03 (about 10 years ago)
Added
2016-03-03 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-26
Title
Workreap < 3.3.6 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2014-12-16
Title
DB Backup < 5.0 - Path Traversal File Access
Published
2025-10-03
Title
PixelYourSite < 11.1.2 - Admin+ LFI
Published
2021-06-09
Title
Motor theme < 3.1.0 - Unauthenticated Local File Inclusion
Published
2022-01-31
Title
Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI