Skip to main content

Aqua

2 CVEs product

Monthly

CVE-2026-57789 HIGH This Week

Local File Inclusion in the jwsthemes Aqua WordPress theme (versions up to and including 5.1.2) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary local files, exposing sensitive data and potentially achieving code execution. Reported by Patchstack under CWE-98, the flaw carries CVSS 7.5 but requires low-level privileges and high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure LFI PHP Aqua
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37051 HIGH This Week

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aqua Clion Datagrip Dataspell +9
NVD
CVSS 3.1
7.5
EPSS
3.8%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in the jwsthemes Aqua WordPress theme (versions up to and including 5.1.2) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary local files, exposing sensitive data and potentially achieving code execution. Reported by Patchstack under CWE-98, the flaw carries CVSS 7.5 but requires low-level privileges and high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure LFI PHP +1
NVD VulDB
EPSS 4% CVSS 7.5
HIGH This Week

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aqua Clion +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy