Skip to main content

Billey

1 CVEs product

Monthly

CVE-2026-57790 HIGH This Week

Local File Inclusion in the ThemeMove 'Billey' premium WordPress theme (versions up to and including 2.1.8) lets an authenticated attacker with low privileges control a filename used in a PHP include/require statement, exposing sensitive server-side files such as wp-config.php. Classified by Patchstack under CWE-98 (PHP Remote File Inclusion) but resolving to Local File Inclusion in practice, the flaw carries a CVSS 7.5 rating and no public exploit identified at time of analysis. Under specific conditions PHP file inclusion can escalate from information disclosure toward code execution via techniques such as log poisoning.

Information Disclosure LFI PHP Billey
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in the ThemeMove 'Billey' premium WordPress theme (versions up to and including 2.1.8) lets an authenticated attacker with low privileges control a filename used in a PHP include/require statement, exposing sensitive server-side files such as wp-config.php. Classified by Patchstack under CWE-98 (PHP Remote File Inclusion) but resolving to Local File Inclusion in practice, the flaw carries a CVSS 7.5 rating and no public exploit identified at time of analysis. Under specific conditions PHP file inclusion can escalate from information disclosure toward code execution via techniques such as log poisoning.

Information Disclosure LFI PHP +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy