Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Builty – Construction WordPress Theme 1.4.0

  • Severity: critical
  • Status: Open
  • Publication: May 20, 2025

Several themes created by bslthemes for WordPress have a security issue called “Local File Inclusion.” This means that people who are not logged in to the website can access and run any file they want on the server, including files with PHP code. This can be used to get around security measures, access private information, and even run code on the website.

Detected in:

Ashley - Creative Portfolio WordPress Theme fixed vulnerable versions: >= * <= 1.7.0
Builty - Construction WordPress Theme fixed vulnerable versions: >= * <= 1.4.0
Courtney - Personal Portfolio WordPress Theme fixed vulnerable versions: >= * <= 1.3.0
ITSulu - Technology & IT Solutions WordPress Theme fixed vulnerable versions: >= * <= 1.4.0
Kaffen - Restaurant & Cafe WordPress Theme fixed vulnerable versions: >= * <= 1.2.5
Kinsley - Hotel Booking Theme fixed vulnerable versions: >= * <= 3.4.4
Larson - Architecture WordPress Theme fixed vulnerable versions: >= * <= 1.5.0
Lesya - Beauty Salon & Spa WordPress Theme fixed vulnerable versions: >= * <= 1.7.2
Lettery fixed vulnerable versions: >= * <= 1.1.7
Luique - Personal Portfolio WordPress Theme fixed vulnerable versions: >= * <= 1.3.0
Minterio fixed vulnerable versions: >= * <= 1.4.0
OBER - CV Resume WordPress Theme fixed vulnerable versions: >= * <= 1.3.3
Ruizarch - Architecture WordPress Theme fixed vulnerable versions: >= * <= 1.1.0
Samantha - Personal Trainer & Fitness WordPress Theme fixed vulnerable versions: >= * <= 1.1.0
Starbelly - Restaurant & Cafe WordPress Theme fixed vulnerable versions: >= * <= 1.3.6
Oblo - Creative Agency Portfolio WordPress Theme open vulnerable versions: >= * <= 2.2.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.