Skip to main content

Kastell WordPress Theme CVE-2026-52707

HIGH
Path Traversal: '.../...//' (CWE-35)
2026-06-17 Patchstack
8.1
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Network-reachable, unauthenticated, no UI; AC:H reflects the specific traversal-encoding needed for CWE-35; C:H for full file disclosure (wp-config), I/A lowered to L absent confirmed code-execution primitive.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 14:28 vuln.today

DescriptionCVE.org

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

AnalysisAI

Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site using Kastell theme
Delivery
Send crafted request with traversal payload
Exploit
Bypass theme path sanitization
Execution
Read or include arbitrary local file
Persist
Exfiltrate wp-config.php credentials
Impact
Pivot to database or RCE via log poisoning

Vulnerability AssessmentAI

Exploitation Target must be a WordPress site running the Mikado-Themes Kastell theme at version 2.0 or earlier with the vulnerable theme code reachable over HTTP (theme activated, or its files still accessible under /wp-content/themes/kastell/). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N rates the issue High (8.1) with full C/I/A impact, reflecting that an unauthenticated network attacker can compromise the WordPress site if the exploit conditions are met; the High attack complexity hints that a specific payload encoding or precondition is required to bypass sanitization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An opportunistic attacker scanning for known WordPress theme vulnerabilities sends a crafted unauthenticated HTTP GET/POST request to a Kastell-specific endpoint with a manipulated path parameter (e.g., file=....//....//wp-config.php) that bypasses the theme's sanitization, causing PHP to read wp-config.php and disclose the database credentials and AUTH_KEYs. Where the server allows including writable files (uploads, session files, or log files with attacker-controlled content), the same primitive can be escalated to remote code execution. …
Remediation Upgrade the Kastell theme to a version newer than 2.0 once the vendor (Mikado-Themes) publishes a fixed release; the supplied data does not list an exact patched version, so site owners should monitor Patchstack (https://patchstack.com/database/wordpress/theme/kastell/vulnerability/wordpress-kastell-theme-2-0-local-file-inclusion-vulnerability) and the Mikado-Themes changelog for the corrected build. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and catalog all WordPress installations using Kastell theme versions ≤2.0 and assess active deployment status. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52707 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy