CVE-2015-9406

Name of the Vulnerable Software and Affected Versions mTheme-Unus theme versions prior to 2.3 for WordPress

Description The issue allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to "css/css.php". This is a directory traversal vulnerability.

Recommendations For mTheme-Unus theme versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "css/css.php" endpoint to minimize the risk of exploitation. Avoid using the files parameter in the affected endpoint until the issue is resolved.