This vulnerability in AncoraThemes Notarius arises from improper validation of filenames used in PHP include or require statements, leading to PHP Local File Inclusion. This can allow attackers to include unintended files on the server, potentially resulting in remote code execution or data disclosure. The affected versions are up to and including 1.9. The CVSS 3.1 vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability.

Successful exploitation can lead to full compromise of the affected system, including unauthorized disclosure of sensitive data, modification of data, and disruption of service. Given the high CVSS score and the nature of the vulnerability, the impact is severe if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting access to the vulnerable functionality and applying any recommended temporary mitigations from the vendor. Monitor official AncoraThemes channels for updates.