Skip to main content

Setsail

1 CVEs product

Monthly

CVE-2026-57801 HIGH This Week

PHP Local File Inclusion in the Select-Themes SetSail WordPress theme (versions up to and including 2.1) allows an authenticated attacker to coerce the application into including local files via improper control of a filename in an include/require statement. Successful exploitation can disclose sensitive files (e.g., wp-config.php) and, depending on server conditions, escalate to code execution through log poisoning or PHP wrapper abuse. This is a Patchstack-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure LFI PHP Setsail
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

PHP Local File Inclusion in the Select-Themes SetSail WordPress theme (versions up to and including 2.1) allows an authenticated attacker to coerce the application into including local files via improper control of a filename in an include/require statement. Successful exploitation can disclose sensitive files (e.g., wp-config.php) and, depending on server conditions, escalate to code execution through log poisoning or PHP wrapper abuse. This is a Patchstack-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure LFI PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy