Skip to main content

Ecoblue

1 CVEs product

Monthly

CVE-2026-22338 HIGH This Week

Unauthenticated Local File Inclusion in ThemeREX EcoBlue WordPress theme versions 1.15 and earlier enables remote attackers to include arbitrary local files on the server without credentials, potentially leading to source code disclosure and remote code execution via PHP file inclusion (CWE-98). No public exploit identified at time of analysis, but the unauthenticated network-reachable nature combined with WordPress's broad deployment surface makes this notable. EPSS data was not provided, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI Ecoblue
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in ThemeREX EcoBlue WordPress theme versions 1.15 and earlier enables remote attackers to include arbitrary local files on the server without credentials, potentially leading to source code disclosure and remote code execution via PHP file inclusion (CWE-98). No public exploit identified at time of analysis, but the unauthenticated network-reachable nature combined with WordPress's broad deployment surface makes this notable. EPSS data was not provided, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy