Skip to main content

Aalto

1 CVEs product

Monthly

CVE-2026-57788 HIGH This Week

Local File Inclusion in the Edge-Themes "Aalto" WordPress theme (all versions up to and including 1.8) lets an authenticated attacker control a filename passed to a PHP include/require statement, exposing local files and potentially executing PHP. The flaw was reported by Patchstack and carries CVSS 7.5; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Despite the CWE-98 "Remote File Inclusion" classification, the described impact is Local File Inclusion.

Information Disclosure LFI PHP Aalto
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in the Edge-Themes "Aalto" WordPress theme (all versions up to and including 1.8) lets an authenticated attacker control a filename passed to a PHP include/require statement, exposing local files and potentially executing PHP. The flaw was reported by Patchstack and carries CVSS 7.5; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Despite the CWE-98 "Remote File Inclusion" classification, the described impact is Local File Inclusion.

Information Disclosure LFI PHP +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy