This vulnerability in Mikado-Themes Wilmër arises from improper validation or control of filenames used in PHP include or require statements. Specifically, it allows PHP Local File Inclusion, which can enable an attacker to execute arbitrary local files on the server. The issue affects all versions prior to 3.4.2. The CVSS 3.1 vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability.

Successful exploitation could lead to unauthorized disclosure of sensitive information, modification of data, and disruption of service on the affected system. The high CVSS score reflects the potential for significant compromise of the affected environment. However, no active exploitation has been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch links or official fixes are provided, users should monitor the Mikado-Themes vendor communications for updates. Until a fix is available, consider restricting access to vulnerable endpoints and applying application-level controls to limit file inclusion risks.