Skip to main content

Atomlab

1 CVEs product

Monthly

CVE-2026-39590 HIGH This Week

Local file inclusion in the Atomlab WordPress theme versions 2.4.5 and earlier allows remote unauthenticated attackers to include arbitrary PHP files on the server, potentially leading to sensitive information disclosure and remote code execution. The flaw is tracked under CWE-98 (improper control of filename for include/require) and carries a CVSS 3.1 base score of 8.1 (high). No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Information Disclosure LFI Atomlab
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Local file inclusion in the Atomlab WordPress theme versions 2.4.5 and earlier allows remote unauthenticated attackers to include arbitrary PHP files on the server, potentially leading to sensitive information disclosure and remote code execution. The flaw is tracked under CWE-98 (improper control of filename for include/require) and carries a CVSS 3.1 base score of 8.1 (high). No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy