Boutique

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39613 HIGH This Week

Local file inclusion in kutethemes Boutique WordPress theme versions ≤2.3.3 allows authenticated attackers with low privileges to include arbitrary PHP files, leading to high-severity impacts including information disclosure, code execution, and system compromise. Exploitation requires network access with high attack complexity. No public exploit identified at time of analysis. Authenticated attack vector (PR:L) limits exposure to users with existing credentials.

PHP Information Disclosure Lfi Boutique

NVD

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-39613

EPSS 0% CVSS 7.5

HIGH This Week

Local file inclusion in kutethemes Boutique WordPress theme versions ≤2.3.3 allows authenticated attackers with low privileges to include arbitrary PHP files, leading to high-severity impacts including information disclosure, code execution, and system compromise. Exploitation requires network access with high attack complexity. No public exploit identified at time of analysis. Authenticated attack vector (PR:L) limits exposure to users with existing credentials.

PHP Information Disclosure Lfi +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy