Skip to main content

Nuss

1 CVEs product

Monthly

CVE-2026-57799 HIGH This Week

Local file inclusion in the uxper Nuss WordPress theme (versions up to and including 1.3.6) lets an authenticated attacker with low-privilege access coerce the theme into including arbitrary PHP-parsable files from the server via improperly controlled include/require paths (CWE-98). Successful exploitation can disclose sensitive files and, depending on what can be included, lead to code execution, with high confidentiality, integrity, and availability impact per the CVSS 7.5 rating. No public exploit identified at time of analysis; the flaw was reported through Patchstack.

Information Disclosure LFI PHP Nuss
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Local file inclusion in the uxper Nuss WordPress theme (versions up to and including 1.3.6) lets an authenticated attacker with low-privilege access coerce the theme into including arbitrary PHP-parsable files from the server via improperly controlled include/require paths (CWE-98). Successful exploitation can disclose sensitive files and, depending on what can be included, lead to code execution, with high confidentiality, integrity, and availability impact per the CVSS 7.5 rating. No public exploit identified at time of analysis; the flaw was reported through Patchstack.

Information Disclosure LFI PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy