Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Remote unauthenticated LFI (AV:N/PR:N/UI:N); AC:H reflects the specific parameter/traversal precondition; primary impact is file disclosure (C:H), with I/A only via secondary chains, hence I:L/A:L.
Primary rating from Vendor (Patchstack).
CVSS Vector (Vendor: Patchstack)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Analysis (AI)
Unauthenticated local file inclusion in the Aperitif WordPress theme (versions up to and including 1.5) by elated-themes allows remote attackers to coerce the PHP include/require chain into loading attacker-controlled paths without credentials or user interaction. No public exploit identified at time of analysis, but the high CIA impact and unauthenticated network reach make it a meaningful supply-chain risk for sites using this commercial theme. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires a WordPress installation with the Aperitif theme at version ≤1.5 actively installed (not merely present in the themes directory: the vulnerable include path must be reachable via the theme's front-end or AJAX handlers). … |
| Risk Assessment | Signals are mixed: CVSS 8.1 with AV:N/PR:N/UI:N points to remote unauthenticated reach, but AC:H tempers it; Patchstack typically assigns AC:H when a non-trivial precondition (specific parameter, traversal sequence, or chained request) is needed. … |
| Exploit Scenario | An unauthenticated attacker scanning the internet fingerprints WordPress sites running the Aperitif theme (visible via /wp-content/themes/aperitif/ asset paths) and issues a crafted HTTP request to a theme endpoint whose parameter is passed into a PHP include, embedding a traversal sequence to read /var/www/html/wp-config.php. With the disclosed DB credentials and secret keys, the attacker authenticates to MySQL or forges WordPress auth cookies to gain admin access and deploys a backdoor plugin. … |
| Remediation | No vendor-released patch version is identified in the available data: the Patchstack record only enumerates affected versions ≤1.5 without naming a fixed release, so administrators should monitor the elated-themes ThemeForest/vendor page and the Patchstack advisory (https://patchstack.com/database/wordpress/theme/aperitif/vulnerability/wordpress-aperitif-theme-1-5-local-file-inclusion-vulnerability) for an updated build above 1.5 and upgrade as soon as it is published. … |
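As an added defensive example (not content from vuln.today, Patchstack or the theme vendor), the following Python flags access-log requests under the Aperitif theme path whose query string carries a traversal sequence or a sensitive file name, percent-decoding repeatedly first so double-encoded payloads are not missed. The endpoint (`page.php`) and parameter (`tpl`) in the constructed sample log are placeholders, since the page does not name the vulnerable handler.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (combined format); "page.php" and "tpl" are placeholder names, not the real handler.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2026:10:00:01 +0000] "GET /wp-content/themes/aperitif/style.css HTTP/1.1" 200 5120
203.0.113.7 - - [01/Mar/2026:10:00:02 +0000] "GET /wp-content/themes/aperitif/page.php?tpl=../../../../wp-config.php HTTP/1.1" 200 3102
203.0.113.9 - - [01/Mar/2026:10:00:03 +0000] "GET /wp-content/themes/aperitif/page.php?tpl=..%252f..%252fwp-config.php HTTP/1.1" 500 0
203.0.113.11 - - [01/Mar/2026:10:00:04 +0000] "GET /wp-content/themes/aperitif/page.php?tpl=header HTTP/1.1" 200 800
203.0.113.13 - - [01/Mar/2026:10:00:05 +0000] "GET /wp-content/plugins/other/x.php?f=../../wp-config.php HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Traversal markers checked after percent-decoding: "../", "..\" or an embedded NUL byte.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|\x00")
SENSITIVE_FILES = ("wp-config.php", "/etc/passwd")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %2e%2e%2f and double-encoded %252e both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line, theme_prefix="/wp-content/themes/aperitif/"):
    """Return a finding for a request under theme_prefix whose query looks like LFI probing, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = fully_decode(m.group("target"))
    if not target.startswith(theme_prefix):
        return None
    query = target.partition("?")[2].lower()
    reasons = []
    if TRAVERSAL_RE.search(query):
        reasons.append("traversal sequence in query")
    if any(name in query for name in SENSITIVE_FILES):
        reasons.append("sensitive file name in query")
    if not reasons:
        return None
    # A 200 with a non-trivial body on such a request suggests the include may have succeeded.
    return {"client": line.split()[0], "target": m.group("target"),
            "status": m.group("status"), "reasons": reasons}

def scan_log(text, theme_prefix="/wp-content/themes/aperitif/"):
    return [hit for hit in (scan_line(l, theme_prefix) for l in text.splitlines()) if hit]
```

`scan_log(SAMPLE_LOG)` returns the two flagged requests (the plain and the double-encoded traversal); point it at a real access log to triage a site, and change `theme_prefix` to cover other theme or plugin paths.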
Recommended Action (AI)
Within 24 hours: Conduct an inventory of all WordPress instances using the Aperitif theme (versions ≤1.5) and assess criticality; consider temporarily disabling the theme or taking affected sites offline if no immediate alternative theme is available. …
EUVD-2026-37477