This vulnerability arises from insufficient validation of filenames used in PHP include or require statements within QantumThemes Typify versions up to 3.0.2. It enables PHP Local File Inclusion, allowing an attacker to include files from the local filesystem, which can lead to remote code execution or disclosure of sensitive information. The CVSS score of 8.1 reflects high impact across confidentiality, integrity, and availability, with network attack vector and no privileges or user interaction required. No official patch or vendor advisory is currently provided.

Successful exploitation can lead to full compromise of the affected system by allowing attackers to execute arbitrary code or access sensitive files. The vulnerability impacts confidentiality, integrity, and availability severely. No known exploits have been reported in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the vulnerable include/require functionality if possible, or apply custom code validation to control file inclusion. Monitor vendor channels for updates and apply patches promptly once released.