Skip to main content

Promo

1 CVEs product

Monthly

CVE-2026-22325 HIGH This Week

Unauthenticated local file inclusion in the Promo WordPress theme through version 1.3.0 allows remote attackers to coerce the application into including arbitrary PHP files from the server, potentially leading to source code disclosure, sensitive file reads, or remote code execution where attacker-controlled files are reachable. The vulnerability is reported by Patchstack and affects axiomthemes' Promo theme; no public exploit identified at time of analysis and EPSS data was not provided. The CVSS 3.1 base score of 8.1 reflects high impact across confidentiality, integrity, and availability despite high attack complexity.

PHP Information Disclosure LFI Promo
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Promo WordPress theme through version 1.3.0 allows remote attackers to coerce the application into including arbitrary PHP files from the server, potentially leading to source code disclosure, sensitive file reads, or remote code execution where attacker-controlled files are reachable. The vulnerability is reported by Patchstack and affects axiomthemes' Promo theme; no public exploit identified at time of analysis and EPSS data was not provided. The CVSS 3.1 base score of 8.1 reflects high impact across confidentiality, integrity, and availability despite high attack complexity.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy