Skip to main content

Overworld

1 CVEs product

Monthly

CVE-2026-57800 HIGH This Week

Local File Inclusion in the Edge-Themes 'Overworld' WordPress theme (versions up to and including 1.5) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary server-side files, disclosing sensitive data such as wp-config.php credentials and potentially escalating to code execution via log/session poisoning. The flaw was reported by Patchstack and is classified as CWE-98 (PHP Remote File Inclusion). No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not provided.

Information Disclosure LFI PHP Overworld
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Local File Inclusion in the Edge-Themes 'Overworld' WordPress theme (versions up to and including 1.5) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary server-side files, disclosing sensitive data such as wp-config.php credentials and potentially escalating to code execution via log/session poisoning. The flaw was reported by Patchstack and is classified as CWE-98 (PHP Remote File Inclusion). No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not provided.

Information Disclosure LFI PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy