Skip to main content

Audrey

1 CVEs product

Monthly

CVE-2026-42382 HIGH This Week

Unauthenticated Local File Inclusion in the Audrey WordPress theme (elated-themes) affects all versions up to and including 1.5, letting remote attackers coerce the PHP application into including arbitrary files. Because CWE-98 covers PHP file-inclusion flaws, a successful include can leak sensitive files (wp-config.php, credentials) and, where remote or attacker-controlled content is includable, escalate to code execution. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV, though the network-reachable, unauthenticated nature (CVSS 8.1) makes it a meaningful patching priority for sites running this theme.

LFI Information Disclosure PHP Audrey
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in the Audrey WordPress theme (elated-themes) affects all versions up to and including 1.5, letting remote attackers coerce the PHP application into including arbitrary files. Because CWE-98 covers PHP file-inclusion flaws, a successful include can leak sensitive files (wp-config.php, credentials) and, where remote or attacker-controlled content is includable, escalate to code execution. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV, though the network-reachable, unauthenticated nature (CVSS 8.1) makes it a meaningful patching priority for sites running this theme.

LFI Information Disclosure PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy