CVE-2026-27335
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: from n/a through <= 1.0.0.
Analysis
The Ekoterra WordPress theme through version 1.0.0 contains a local file inclusion vulnerability in its PHP file handling that allows unauthenticated attackers to read arbitrary files from the server. This high-severity flaw (CVSS 8.1) stems from improper validation of file paths in include/require statements, enabling attackers to access sensitive configuration files and other protected data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all WordPress instances running Ekoterra theme and document affected systems; immediately disable the theme or take sites offline if alternative theme unavailable. Within 7 days: Contact AncoraThemes for patch availability and timeline; implement Web Application Firewall rules to block malicious file inclusion attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today