Skip to main content

Malm

1 CVEs product

Monthly

CVE-2026-39558 HIGH This Week

Unauthenticated local file inclusion in the Malmö WordPress theme versions 2.2 and earlier allows remote attackers to include arbitrary local files via crafted requests, enabling disclosure of sensitive server-side content and potentially remote code execution. The flaw is reported by Patchstack and classified as CWE-98 (improper control of filename for include/require), with no public exploit identified at time of analysis. Affected sites are WordPress installations using the elated-themes Malmö theme.

PHP Information Disclosure LFI Malm
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Malmö WordPress theme versions 2.2 and earlier allows remote attackers to include arbitrary local files via crafted requests, enabling disclosure of sensitive server-side content and potentially remote code execution. The flaw is reported by Patchstack and classified as CWE-98 (improper control of filename for include/require), with no public exploit identified at time of analysis. Affected sites are WordPress installations using the elated-themes Malmö theme.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy