Skip to main content

Kastell

1 CVEs product

Monthly

CVE-2026-52707 HIGH This Week

Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.

Information Disclosure Kastell
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.

Information Disclosure Kastell
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy