This vulnerability in the Bimber - Viral Magazine WordPress Theme arises from improper validation of filenames used in PHP include or require statements, enabling remote file inclusion (CWE-98). The flaw affects all versions up to 9.2.5 and can be exploited remotely over the network with low attack complexity and privileges. Successful exploitation results in high impact on confidentiality, integrity, and availability, as indicated by a CVSS 3.1 score of 8.8. No patch or remediation guidance has been published by the vendor, and no known exploits have been observed in the wild.

An attacker with low privileges can exploit this vulnerability remotely without user interaction to include and execute arbitrary remote files. This can lead to full system compromise, including disclosure of sensitive information, modification or deletion of data, and disruption of service.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected theme files and consider disabling or replacing the theme to mitigate risk. Monitor for vendor updates regarding patches or official mitigations.