Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40755

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Jun, 2026 | 20:57
Updated At-17 Jun, 2026 | 10:38
Rejected At-
Credits

WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Jun, 2026 | 20:57
Updated At:17 Jun, 2026 | 10:38
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Affected Products
Vendor
Mikado-Themes
Product
TechLink
Collection URL
https://wordpress.org/themes
Package Name
techlink
Default Status
unaffected
Versions
Affected
  • From n/a through 1.3 (custom)
    • -> unaffectedfrom1.4
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-586CAPEC-586 Object Injection
CAPEC ID: CAPEC-586
Description: CAPEC-586 Object Injection
Solutions

Update the WordPress TechLink Theme to the latest available version (at least 1.4).

Configurations
Workarounds
Exploits
Credits
finder
Denver Jackson | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/theme/techlink/vulnerability/wordpress-techlink-theme-1-3-php-object-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/theme/techlink/vulnerability/wordpress-techlink-theme-1-3-php-object-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:17 Jun, 2026 | 13:20
Updated At:17 Jun, 2026 | 14:44

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-502Primaryaudit@patchstack.com
CWE ID: CWE-502
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/theme/techlink/vulnerability/wordpress-techlink-theme-1-3-php-object-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/theme/techlink/vulnerability/wordpress-techlink-theme-1-3-php-object-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

205Records found
CVE-2026-40751
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Ashtanga
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40753
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.31% / 22.26%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:51
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-EasyMeals
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40733
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.31% / 22.26%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-ShiftUp
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40739
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-LuxeDrive
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40757
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.02%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Château
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40756
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.02%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Zoya
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40759
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Esmée
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-27077
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2.

Action-Not Available
Vendor-Mikado-Themes
Product-MultiOffice
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27342
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.41% / 33.07%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TopFit - Fitness and Gym WordPress Theme theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9.

Action-Not Available
Vendor-Mikado-Themes
Product-TopFit - Fitness and Gym WordPress Theme
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27080
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.52%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0.

Action-Not Available
Vendor-Mikado-Themes
Product-Deston
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27341
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.41% / 33.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TopScorer - Sports WordPress Theme theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.

Action-Not Available
Vendor-Mikado-Themes
Product-TopScorer - Sports WordPress Theme
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22457
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.52% / 39.97%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wanderland theme <= 1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5.

Action-Not Available
Vendor-Mikado-Themes
Product-Wanderland
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22399
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through <= 1.7.

Action-Not Available
Vendor-Mikado-Themes
Product-Holmes
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22427
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affects GoTravel: from n/a through <= 2.1.

Action-Not Available
Vendor-Mikado-Themes
Product-GoTravel
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22412
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eona theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona: from n/a through <= 1.3.

Action-Not Available
Vendor-Mikado-Themes
Product-Eona
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22397
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fleur theme <= 2.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through <= 2.2.1.

Action-Not Available
Vendor-Mikado-Themes
Product-Fleur
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22389
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cocco theme <= 2.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0.

Action-Not Available
Vendor-Mikado-Themes
Product-Cocco
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22403
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Innovio theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through <= 1.9.

Action-Not Available
Vendor-Mikado-Themes
Product-Innovio
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22410
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dolcino theme <= 1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affects Dolcino: from n/a through <= 1.6.

Action-Not Available
Vendor-Mikado-Themes
Product-Dolcino
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22344
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.52%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7.

Action-Not Available
Vendor-Mikado-Themes
Product-FiveStar
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22381
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.33% / 24.31%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.

Action-Not Available
Vendor-Mikado-Themes
Product-PawFriends - Pet Shop and Veterinary WordPress Theme
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22395
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fiorello theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fiorello fiorello allows PHP Local File Inclusion.This issue affects Fiorello: from n/a through <= 1.0.

Action-Not Available
Vendor-Mikado-Themes
Product-Fiorello
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22392
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cortex theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cortex cortex allows PHP Local File Inclusion.This issue affects Cortex: from n/a through <= 1.9.

Action-Not Available
Vendor-Mikado-Themes
Product-Cortex
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22394
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Evently theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently allows PHP Local File Inclusion.This issue affects Evently: from n/a through <= 1.7.

Action-Not Available
Vendor-Mikado-Themes
Product-Evently
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-52707
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.13%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Kastell
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2026-40731
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.42% / 33.73%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:51
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-ChapterOne
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-39537
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.42% / 33.73%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:50
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Mikado Core
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-69408
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.52%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through <= 1.0.1.

Action-Not Available
Vendor-Mikado-Themes
Product-HealthFirst
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-69034
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.33% / 24.31%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 10:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-lekkerLekker
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-67934
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.60%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-wellspringWellspring
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-67936
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.60%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Curly theme < 3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-curlyCurly
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-67940
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through < 3.2.1.

Action-Not Available
Vendor-Mikado-Themes
Product-Powerlift
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-67937
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.60%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-hendonHendon
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-54003
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16.

Action-Not Available
Vendor-Mikado-Themes
Product-Depot
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-49297
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.41% / 32.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:53
Updated-12 May, 2026 | 00:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grill and Chow theme <= 1.6 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-grill_and_chowGrill and Chow
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2025-49296
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.41% / 32.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GrandPrix theme <= 1.6 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-grandprixGrandPrix
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2025-49295
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.41% / 32.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:53
Updated-12 May, 2026 | 00:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MediClinic theme <= 2.1 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-mediclinicMediClinic
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2026-27079
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.

Action-Not Available
Vendor-Mikado-Themes
Product-Amfissa
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27075
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.

Action-Not Available
Vendor-Mikado-Themes
Product-Belfort
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27076
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0.

Action-Not Available
Vendor-Mikado-Themes
Product-LuxeDrive
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27078
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.53%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.

Action-Not Available
Vendor-Mikado-Themes
Product-Emaurri
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27047
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6.

Action-Not Available
Vendor-Mikado-Themes
Product-Curly Core
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-27081
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4.

Action-Not Available
Vendor-Mikado-Themes
Product-Rosebud
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39494
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.48% / 37.74%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-wilmerWilmër
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39467
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 38.61%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wanderland theme <= 1.7.1 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-wanderlandWanderland
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2025-39466
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.54% / 41.11%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dør theme <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-dorDør
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39458
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.62% / 44.81%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 18:47
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2.

Action-Not Available
Vendor-qodeinteractiveMikado-Themes
Product-fotonFoton
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22387
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through <= 2.1.

Action-Not Available
Vendor-Mikado-Themes
Product-Aviana
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22414
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marra theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Marra marra allows PHP Local File Inclusion.This issue affects Marra: from n/a through <= 1.2.

Action-Not Available
Vendor-Mikado-Themes
Product-Marra
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-22405
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.50% / 39.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Overton theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Overton overton allows PHP Local File Inclusion.This issue affects Overton: from n/a through <= 1.3.

Action-Not Available
Vendor-Mikado-Themes
Product-Overton
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found