Here is the published exploit for the Elegance theme in Wordpress. This Local File Disclosure proof of concept will read the passwd file of a Linux system.
[+] Post Local File Disclosure in wordpress theme Elegance [+] Date: 07/06/2014 [+] CWE Number: CWE-98 [+] Risk: High [+] Author: Felipe Andrian Peixoto [+] Dork:inurl:"/wp-content/themes/elegance/" [+] Vendor Homepage: http://www.elegantthemes.com/ [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Windows 7 and Linux [+] Vulnerable File: dl-skin.php [+] Exploit :eof
