Vulnerability: - Title: WordPress Xcare Theme < 6.5 is vulnerable to a high priority Local File Inclusion - Priority: High priority - CVSS Score: 8.1 - Description: This vulnerability could allow a malicious actor to include local files of the target website, potentially showing their output on the screen. Files storing credentials, such as database credentials, could lead to database takeover. Affected Software: - Software: Xcare - Type: Theme - Vulnerable Versions: <6.5 - Fixed in: 6.5 Mitigation/Solutions: - Mitigation Advice: Automatically mitigate vulnerabilities and keep your websites safe using Patchstack. - Resolution: Update to version 6.5 or later. Timeline: - Reported by: Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) on 7 Sep, 2025 Other Information: - Patchstack offers automated mitigation rules for protection until the site is updated.