Skip to main content

Solene

1 CVEs product

Monthly

CVE-2026-39522 HIGH This Week

Unauthenticated Local File Inclusion in the Solene WordPress theme versions 3.4 and earlier allows remote attackers to read arbitrary server-side files and potentially execute PHP code via improperly controlled filename inclusion (CWE-98). The flaw is reachable over the network without credentials, and while CVSS:3.1 rates it 8.1 (High) with high attack complexity, no public exploit identified at time of analysis. Wide impact is plausible because Solene is a commercial WordPress theme distributed by Elated Themes and exposed on internet-facing sites.

PHP Information Disclosure LFI Solene
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in the Solene WordPress theme versions 3.4 and earlier allows remote attackers to read arbitrary server-side files and potentially execute PHP code via improperly controlled filename inclusion (CWE-98). The flaw is reachable over the network without credentials, and while CVSS:3.1 rates it 8.1 (High) with high attack complexity, no public exploit identified at time of analysis. Wide impact is plausible because Solene is a commercial WordPress theme distributed by Elated Themes and exposed on internet-facing sites.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy