This is a critical PHP local file inclusion vulnerability in ThimPress BuilderPress. It allows unauthenticated attackers to include and execute arbitrary local files on vulnerable systems. The vulnerability holds a 9.8 CVSS v3 score, making it extremely high risk for exposed installations.
Remediation
Upgrade BuilderPress to a version newer than 2.0.1 immediately to remediate this flaw. Restrict access to the plugin's functionality to only authorized users until patching is complete. Scan web server directories for any unexpected or malicious files that may indicate exploitation.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.