Skip to main content

Brook

2 CVEs product

Monthly

CVE-2026-57791 HIGH This Week

Local file inclusion in the ThemeMove Brook WordPress theme (versions up to and including 2.9.0) lets authenticated attackers coerce a PHP include/require statement into loading arbitrary local files on the server, exposing sensitive data such as wp-config.php credentials and potentially escalating to code execution. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.5, but exploitation is rated high-complexity (AC:H) and requires at least low-level authentication (PR:L). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure LFI PHP Brook
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33965 Go HIGH PATCH This Week

Brook is a cross-platform programmable network tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Brook
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
EPSS 0% CVSS 7.5
HIGH This Week

Local file inclusion in the ThemeMove Brook WordPress theme (versions up to and including 2.9.0) lets authenticated attackers coerce a PHP include/require statement into loading arbitrary local files on the server, exposing sensitive data such as wp-config.php credentials and potentially escalating to code execution. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.5, but exploitation is rated high-complexity (AC:H) and requires at least low-level authentication (PR:L). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure LFI PHP +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Brook is a cross-platform programmable network tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Brook
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy