Organicfood

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-39684 HIGH This Week

Local file inclusion in UnTheme OrganicFood WordPress theme versions up to 3.6.4 enables authenticated attackers with low privileges to read arbitrary files on the server and potentially achieve remote code execution. Exploitation requires network access and high attack complexity (CVSS AC:H), allowing disclosure of sensitive configuration data, credentials, and system files. Authenticated access (PR:L) is required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.05%).

Information Disclosure Lfi PHP Organicfood

NVD

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-39684

EPSS 0% CVSS 7.5

HIGH This Week

Local file inclusion in UnTheme OrganicFood WordPress theme versions up to 3.6.4 enables authenticated attackers with low privileges to read arbitrary files on the server and potentially achieve remote code execution. Exploitation requires network access and high attack complexity (CVSS AC:H), allowing disclosure of sensitive configuration data, credentials, and system files. Authenticated access (PR:L) is required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.05%).

Information Disclosure Lfi PHP +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy