Kastell WordPress Theme
CVE-2026-52707
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable, unauthenticated, no UI; AC:H reflects the specific traversal-encoding needed for CWE-35; C:H for full file disclosure (wp-config), I/A lowered to L absent confirmed code-execution primitive.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
AnalysisAI
Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Target must be a WordPress site running the Mikado-Themes Kastell theme at version 2.0 or earlier with the vulnerable theme code reachable over HTTP (theme activated, or its files still accessible under /wp-content/themes/kastell/). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N rates the issue High (8.1) with full C/I/A impact, reflecting that an unauthenticated network attacker can compromise the WordPress site if the exploit conditions are met; the High attack complexity hints that a specific payload encoding or precondition is required to bypass sanitization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An opportunistic attacker scanning for known WordPress theme vulnerabilities sends a crafted unauthenticated HTTP GET/POST request to a Kastell-specific endpoint with a manipulated path parameter (e.g., file=....//....//wp-config.php) that bypasses the theme's sanitization, causing PHP to read wp-config.php and disclose the database credentials and AUTH_KEYs. Where the server allows including writable files (uploads, session files, or log files with attacker-controlled content), the same primitive can be escalated to remote code execution. … |
| Remediation | Upgrade the Kastell theme to a version newer than 2.0 once the vendor (Mikado-Themes) publishes a fixed release; the supplied data does not list an exact patched version, so site owners should monitor Patchstack (https://patchstack.com/database/wordpress/theme/kastell/vulnerability/wordpress-kastell-theme-2-0-local-file-inclusion-vulnerability) and the Mikado-Themes changelog for the corrected build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and catalog all WordPress installations using Kastell theme versions ≤2.0 and assess active deployment status. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-35 – Path Traversal: '.../...//'
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today