*Title: Caulk Wordpress Theme Full Path Disclosure*

*Description:*

According to OWASP:

“Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the
path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain
vulnerabilities, such as using the load_file() (within a SQL Injection)
query to view the page source, require the attacker to have the full path
to the file they wish to view.”

*Proof of concept:*
http://localhost/wp-content/themes/Caulk/


*Fatal error: Call to undefined function get_header() in
/homepages/13/d229281523/htdocs/ShowOff/wp-content/themes/Caulk/index.php
on line 1*